Analysis Overview
SHA256
e1c89f5b482e75e1fc766986357e478c670ab87a415fe25a80bf8b1852f2c367
Threat Level: Known bad
The file RNSM00275.7z was found to be: Known bad.
Malicious Activity Summary
Process spawned unexpected child process
Gozi family
Gozi
Deletes shadow copies
Contacts a large (669) amount of remote hosts
Executes dropped EXE
Loads dropped DLL
Indicator Removal: File Deletion
Adds Run key to start application
Command and Scripting Interpreter: PowerShell
UPX packed file
Suspicious use of SetThreadContext
Drops file in Windows directory
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Scheduled Task/Job: Scheduled Task
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: CmdExeWriteProcessMemorySpam
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
Suspicious use of SendNotifyMessage
System policy modification
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-22 17:22
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-22 17:22
Reported
2024-11-22 17:26
Platform
win7-20241010-en
Max time kernel
50s
Max time network
199s
Command Line
Signatures
Gozi
Gozi family
Process spawned unexpected child process
| Description | Indicator | Process | Target |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\mshta.exe |
Deletes shadow copies
Contacts a large (669) amount of remote hosts
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsSetup = "C:\\Users\\Admin\\AppData\\Roaming\\WindowsSetup.exe" | C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Blocker.meia-f2ec1dfc582bd19a59866f0c7d3f8d965d90330a12ea526069739b5ae85a4ad0.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\mcjvmdw = "C:\\Windows\\SYSTEM32\\CMD.EXE /C START C:\\Windows\\ulngypmxrybc.exe" | C:\Windows\ulngypmxrybc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\kvxsmeqdaciy = "C:\\Windows\\system32\\cmd.exe /c start \"\" \"C:\\Windows\\otrkywdjvngx.exe\"" | C:\Windows\otrkywdjvngx.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\Apph32gt = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\C_G1ring\\catsclnt.exe" | C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Foreign.njhp-b2925170efd2cc372b8e3b5c64938b49362c4d325d2e511031ab070e264e8011.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Indicator Removal: File Deletion
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1680 set thread context of 2176 | N/A | C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Blocker.meia-f2ec1dfc582bd19a59866f0c7d3f8d965d90330a12ea526069739b5ae85a4ad0.exe | C:\Windows\SysWOW64\explorer.exe |
UPX packed file
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\otrkywdjvngx.exe | C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Crypmod.xbb-315f369efc70c440c9e128dceedb0390270f2e9be18bfee589bedf7b00bd2cac.exe | N/A |
| File opened for modification | C:\Windows\otrkywdjvngx.exe | C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Crypmod.xbb-315f369efc70c440c9e128dceedb0390270f2e9be18bfee589bedf7b00bd2cac.exe | N/A |
| File created | C:\Windows\ulngypmxrybc.exe | C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Bitman.qmf-88491874dceb0139df6807591535dbfb39807af6a35b834288a3864164ec128f.exe | N/A |
| File opened for modification | C:\Windows\ulngypmxrybc.exe | C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Bitman.qmf-88491874dceb0139df6807591535dbfb39807af6a35b834288a3864164ec128f.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\SCHTASKS.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: CmdExeWriteProcessMemorySpam
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Locky.gn-7bb2e629f366f938cc2d6778804f413a372ddd3ce9637e17205e0961e4e1ec8d.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Blocker.meia-f2ec1dfc582bd19a59866f0c7d3f8d965d90330a12ea526069739b5ae85a4ad0.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLinkedConnections = "1" | C:\Windows\otrkywdjvngx.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\ulngypmxrybc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLinkedConnections = "1" | C:\Windows\ulngypmxrybc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\otrkywdjvngx.exe | N/A |
Processes
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\RNSM00275.7z"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\Desktop\00275\HEUR-Trojan-Ransom.Win32.Agent.gen-0c652a4108820f8b448d92cd5881ae30d85267e5a3c139881c89cc1735cd9767.exe
HEUR-Trojan-Ransom.Win32.Agent.gen-0c652a4108820f8b448d92cd5881ae30d85267e5a3c139881c89cc1735cd9767.exe
C:\Users\Admin\Desktop\00275\HEUR-Trojan-Ransom.Win32.Agent.gen-2f5776b368011a76db2c690252846d0e3a90ccd27d9575e015663cebaf58db23.exe
HEUR-Trojan-Ransom.Win32.Agent.gen-2f5776b368011a76db2c690252846d0e3a90ccd27d9575e015663cebaf58db23.exe
C:\Users\Admin\Desktop\00275\HEUR-Trojan-Ransom.Win32.Agent.gen-9a370a5b9fc8c3928f0d9e3881db4b79a1f020c2ff042d3ef9f9672f22ac9316.exe
HEUR-Trojan-Ransom.Win32.Agent.gen-9a370a5b9fc8c3928f0d9e3881db4b79a1f020c2ff042d3ef9f9672f22ac9316.exe
C:\Users\Admin\Desktop\00275\HEUR-Trojan-Ransom.Win32.Blocker.gen-92ac6be4d9215b237d624177ca0543844d0dc8d071660ae4a4cf7c93cc11505b.exe
HEUR-Trojan-Ransom.Win32.Blocker.gen-92ac6be4d9215b237d624177ca0543844d0dc8d071660ae4a4cf7c93cc11505b.exe
C:\Users\Admin\Desktop\00275\HEUR-Trojan-Ransom.Win32.Generic-ee44be57270954cc60c1d2bb3cd678019e20aa43e84c8e457a4803519e8528ad.exe
HEUR-Trojan-Ransom.Win32.Generic-ee44be57270954cc60c1d2bb3cd678019e20aa43e84c8e457a4803519e8528ad.exe
C:\Users\Admin\Desktop\00275\HEUR-Trojan-Ransom.Win32.Zerber.gen-2aa775cfaf4a849779153df2ea1d7e513a60e629a38f43487491fa3d5d29773d.exe
HEUR-Trojan-Ransom.Win32.Zerber.gen-2aa775cfaf4a849779153df2ea1d7e513a60e629a38f43487491fa3d5d29773d.exe
C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Bitman.qmf-88491874dceb0139df6807591535dbfb39807af6a35b834288a3864164ec128f.exe
Trojan-Ransom.Win32.Bitman.qmf-88491874dceb0139df6807591535dbfb39807af6a35b834288a3864164ec128f.exe
C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Blocker.drxt-d083c4fa5a88432fc013db0ac1f22a01c0ec0b4725c27bf5cfb7b8d3099fd9ac.exe
Trojan-Ransom.Win32.Blocker.drxt-d083c4fa5a88432fc013db0ac1f22a01c0ec0b4725c27bf5cfb7b8d3099fd9ac.exe
C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Blocker.meia-f2ec1dfc582bd19a59866f0c7d3f8d965d90330a12ea526069739b5ae85a4ad0.exe
Trojan-Ransom.Win32.Blocker.meia-f2ec1dfc582bd19a59866f0c7d3f8d965d90330a12ea526069739b5ae85a4ad0.exe
C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Crypmod.xbb-315f369efc70c440c9e128dceedb0390270f2e9be18bfee589bedf7b00bd2cac.exe
Trojan-Ransom.Win32.Crypmod.xbb-315f369efc70c440c9e128dceedb0390270f2e9be18bfee589bedf7b00bd2cac.exe
C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Foreign.gxos-e1331443022e01a46ecea061403318ec84dd1747430e2cc98accb67fe44b58e8.exe
Trojan-Ransom.Win32.Foreign.gxos-e1331443022e01a46ecea061403318ec84dd1747430e2cc98accb67fe44b58e8.exe
C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Foreign.njhp-b2925170efd2cc372b8e3b5c64938b49362c4d325d2e511031ab070e264e8011.exe
Trojan-Ransom.Win32.Foreign.njhp-b2925170efd2cc372b8e3b5c64938b49362c4d325d2e511031ab070e264e8011.exe
C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.GenericCryptor.ilm-130901fab52c6cd7fee0a2e1776aa9938874cad922aa431ea9e2f21b9f0b3724.exe
Trojan-Ransom.Win32.GenericCryptor.ilm-130901fab52c6cd7fee0a2e1776aa9938874cad922aa431ea9e2f21b9f0b3724.exe
C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Locky.dlx-5da789e775061401f4044aab9818d7094f2e3f95256b540840a85e2842b15f22.exe
Trojan-Ransom.Win32.Locky.dlx-5da789e775061401f4044aab9818d7094f2e3f95256b540840a85e2842b15f22.exe
C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Locky.gn-7bb2e629f366f938cc2d6778804f413a372ddd3ce9637e17205e0961e4e1ec8d.exe
Trojan-Ransom.Win32.Locky.gn-7bb2e629f366f938cc2d6778804f413a372ddd3ce9637e17205e0961e4e1ec8d.exe
C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Locky.wyc-1fc261dabeba15e8e5f5495fbb519847e7783e15501cf6e802eaa9ac7c19c3ea.exe
Trojan-Ransom.Win32.Locky.wyc-1fc261dabeba15e8e5f5495fbb519847e7783e15501cf6e802eaa9ac7c19c3ea.exe
C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Locky.wze-5c6f7b9de14d59d19d62dc147dab0337d5b19d77fd31abe47f7fcae17d3a3fc5.exe
Trojan-Ransom.Win32.Locky.wze-5c6f7b9de14d59d19d62dc147dab0337d5b19d77fd31abe47f7fcae17d3a3fc5.exe
C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Locky.xaj-92863e45537aa9c1eee65bb71e9709342d35aa5d27e1a0632a07267235bd1c8f.exe
Trojan-Ransom.Win32.Locky.xaj-92863e45537aa9c1eee65bb71e9709342d35aa5d27e1a0632a07267235bd1c8f.exe
C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Purga.p-f057cdee05e945771df9d7d9499a9172e0ee59175c9306ac2250ca751a5fc66b.exe
Trojan-Ransom.Win32.Purga.p-f057cdee05e945771df9d7d9499a9172e0ee59175c9306ac2250ca751a5fc66b.exe
C:\Windows\SysWOW64\explorer.exe
"C:\Windows\system32\explorer.exe"
C:\Windows\ulngypmxrybc.exe
C:\Windows\ulngypmxrybc.exe
C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Rack.gvy-a1f0617c44fcd4794a06b1b8bad5a133b0c9bcc177dd11546ca38016c8bb6488.exe
Trojan-Ransom.Win32.Rack.gvy-a1f0617c44fcd4794a06b1b8bad5a133b0c9bcc177dd11546ca38016c8bb6488.exe
C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Zerber.ewgz-6612323db1ef26c1813c35d4c1d8f6983c7aac7a6acc160c33f27e5f670288fc.exe
Trojan-Ransom.Win32.Zerber.ewgz-6612323db1ef26c1813c35d4c1d8f6983c7aac7a6acc160c33f27e5f670288fc.exe
C:\Windows\otrkywdjvngx.exe
C:\Windows\otrkywdjvngx.exe
C:\Users\Admin\AppData\Roaming\Kyajyq\pyudy.exe
"C:\Users\Admin\AppData\Roaming\Kyajyq\pyudy.exe"
C:\Users\Admin\Desktop\00275\HEUR-Trojan-Ransom.Win32.Agent.gen-0c652a4108820f8b448d92cd5881ae30d85267e5a3c139881c89cc1735cd9767.exe
HEUR-Trojan-Ransom.Win32.Agent.gen-0c652a4108820f8b448d92cd5881ae30d85267e5a3c139881c89cc1735cd9767.exe
C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Zerber.ewgz-6612323db1ef26c1813c35d4c1d8f6983c7aac7a6acc160c33f27e5f670288fc.exe
Trojan-Ransom.Win32.Zerber.ewgz-6612323db1ef26c1813c35d4c1d8f6983c7aac7a6acc160c33f27e5f670288fc.exe
C:\Windows\System32\wbem\WMIC.exe
"C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
C:\Windows\System32\wbem\WMIC.exe
"C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\Desktop\00275\TROJAN~1.EXE
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\Desktop\00275\TROJAN~4.EXE
C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.GenericCryptor.ilm-130901fab52c6cd7fee0a2e1776aa9938874cad922aa431ea9e2f21b9f0b3724.exe
Trojan-Ransom.Win32.GenericCryptor.ilm-130901fab52c6cd7fee0a2e1776aa9938874cad922aa431ea9e2f21b9f0b3724.exe
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\Desktop\00275\HEUR-Trojan-Ransom.Win32.Agent.gen-9a370a5b9fc8c3928f0d9e3881db4b79a1f020c2ff042d3ef9f9672f22ac9316.exe
HEUR-Trojan-Ransom.Win32.Agent.gen-9a370a5b9fc8c3928f0d9e3881db4b79a1f020c2ff042d3ef9f9672f22ac9316.exe
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\5FCC\2FE6.bat" "C:\Users\Admin\AppData\Roaming\MICROS~1\C_G1ring\catsclnt.exe" "C:\Users\Admin\Desktop\00275\TR88B2~1.EXE""
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Purga.p-f057cdee05e945771df9d7d9499a9172e0ee59175c9306ac2250ca751a5fc66b.exe
Trojan-Ransom.Win32.Purga.p-f057cdee05e945771df9d7d9499a9172e0ee59175c9306ac2250ca751a5fc66b.exe
C:\Program Files\Windows Mail\WinMail.exe
"C:\Program Files\Windows Mail\WinMail.exe" -Embedding
C:\Users\Admin\Desktop\00275\HEUR-Trojan-Ransom.Win32.Zerber.gen-2aa775cfaf4a849779153df2ea1d7e513a60e629a38f43487491fa3d5d29773d.exe
HEUR-Trojan-Ransom.Win32.Zerber.gen-2aa775cfaf4a849779153df2ea1d7e513a60e629a38f43487491fa3d5d29773d.exe
C:\Users\Admin\AppData\Local\system.exe
"C:\Users\Admin\AppData\Local\system.exe"
C:\Windows\system32\mshta.exe
"C:\Windows\system32\mshta.exe" javascript:sL7mr6Q="ACm";fT10=new%20ActiveXObject("WScript.Shell");MKT5cp9F="ZrGE0";G4I1sx=fT10.RegRead("HKLM\\software\\Wow6432Node\\R2DCySjdzC\\CZojT4aZA");Em7XDx2="mT14e1O";eval(G4I1sx);TMIEUb2L="t4PdVf";
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\del.bat
C:\Windows\SysWOW64\SCHTASKS.exe
C:\Windows\System32\SCHTASKS.exe /create /SC ONLOGON /TN uac /TR "C:\Users\Admin\AppData\Local\bcd.bat" /RL HIGHEST /f
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:64
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "System" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:64
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout" /v "Scancode Map" /t REG_BINARY /d "00000000000000001700000000003800000038e000005be000005ce00000360000001d0000001de000000f000000010000001c0000003e0000003b00000044000000450000003d0000005de000000000" /f /reg:64
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\cmd.exe /c REG ADD "HKEY_CURRENT_USER\Control Panel\Accessibility\StickyKeys" /v "Flags" /t REG_SZ /d 506 /f /reg:64
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" /v "rgd_bcd_condition" /t REG_SZ /d 1 /f /reg:64
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d 0 /f /reg:64
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" iex $env:rbvmmwp
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\_A4QK_README_.hta"
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\SWZC655.bat"
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f0
C:\Users\Admin\Desktop\00275\HEUR-Trojan-Ransom.Win32.Agent.gen-2f5776b368011a76db2c690252846d0e3a90ccd27d9575e015663cebaf58db23.exe
HEUR-Trojan-Ransom.Win32.Agent.gen-2f5776b368011a76db2c690252846d0e3a90ccd27d9575e015663cebaf58db23.exe
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Delete /TN "Update\6c237ee1-e4eb-4fe1-87dc-1ad2e4fca485" /F
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "Update\6c237ee1-e4eb-4fe1-87dc-1ad2e4fca485" /XML "C:\Users\Admin\AppData\Local\Temp\tmp1490157530.tmp"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /K "C:\Users\Admin\AppData\Roaming\WipeShadow.exe"
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\SysWOW64\regsvr32.exe
regsvr32.exe
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\SysWOW64\regsvr32.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\DesktopOSIRIS.htm
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\DesktopOSIRIS.htm
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6640 CREDAT:275458 /prefetch:2
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\sysD22E.tmp"
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\sysD2BA.tmp"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6820 CREDAT:275457 /prefetch:2
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| NO | 91.239.25.122:6892 | udp | |
| NO | 91.239.25.123:6892 | udp | |
| NO | 91.239.25.124:6892 | udp | |
| NO | 91.239.25.125:6892 | udp | |
| NO | 91.239.25.126:6892 | udp | |
| NO | 91.239.25.127:6892 | udp | |
| NO | 91.239.25.128:6892 | udp | |
| NO | 91.239.25.129:6892 | udp | |
| NO | 91.239.25.130:6892 | udp | |
| NO | 91.239.25.131:6892 | udp | |
| NO | 91.239.25.132:6892 | udp | |
| NO | 91.239.25.133:6892 | udp | |
| NO | 91.239.25.134:6892 | udp | |
| NO | 91.239.25.135:6892 | udp | |
| NO | 91.239.25.136:6892 | udp | |
| NO | 91.239.25.137:6892 | udp | |
| NO | 91.239.25.138:6892 | udp | |
| NO | 91.239.25.139:6892 | udp | |
| NO | 91.239.25.140:6892 | udp | |
| NO | 91.239.25.141:6892 | udp | |
| NO | 91.239.25.142:6892 | udp | |
| NO | 91.239.25.143:6892 | udp | |
| NO | 91.239.25.144:6892 | udp | |
| NO | 91.239.25.145:6892 | udp | |
| NO | 91.239.25.146:6892 | udp | |
| NO | 91.239.25.147:6892 | udp | |
| NO | 91.239.25.148:6892 | udp | |
| NO | 91.239.25.149:6892 | udp | |
| NO | 91.239.25.150:6892 | udp | |
| NO | 91.239.25.151:6892 | udp | |
| NO | 91.239.25.152:6892 | udp | |
| NO | 91.239.25.153:6892 | udp | |
| NO | 91.239.25.154:6892 | udp | |
| NO | 91.239.25.155:6892 | udp | |
| NO | 91.239.25.156:6892 | udp | |
| NO | 91.239.25.157:6892 | udp | |
| NO | 91.239.25.158:6892 | udp | |
| NO | 91.239.25.159:6892 | udp | |
| NO | 91.239.25.160:6892 | udp | |
| NO | 91.239.25.161:6892 | udp | |
| NO | 91.239.25.162:6892 | udp | |
| NO | 91.239.25.163:6892 | udp | |
| NO | 91.239.25.164:6892 | udp | |
| NO | 91.239.25.165:6892 | udp | |
| NO | 91.239.25.166:6892 | udp | |
| NO | 91.239.25.167:6892 | udp | |
| NO | 91.239.25.168:6892 | udp | |
| NO | 91.239.25.169:6892 | udp | |
| NO | 91.239.25.170:6892 | udp | |
| NO | 91.239.25.171:6892 | udp | |
| NO | 91.239.25.172:6892 | udp | |
| NO | 91.239.25.173:6892 | udp | |
| NO | 91.239.25.174:6892 | udp | |
| NO | 91.239.25.175:6892 | udp | |
| NO | 91.239.25.176:6892 | udp | |
| NO | 91.239.25.177:6892 | udp | |
| NO | 91.239.25.178:6892 | udp | |
| NO | 91.239.25.179:6892 | udp | |
| NO | 91.239.25.180:6892 | udp | |
| NO | 91.239.25.181:6892 | udp | |
| NO | 91.239.25.182:6892 | udp | |
| NO | 91.239.25.183:6892 | udp | |
| NO | 91.239.25.184:6892 | udp | |
| NO | 91.239.25.185:6892 | udp | |
| NO | 91.239.25.186:6892 | udp | |
| NO | 91.239.25.187:6892 | udp | |
| NO | 91.239.25.188:6892 | udp | |
| NO | 91.239.25.189:6892 | udp | |
| NO | 91.239.25.190:6892 | udp | |
| NO | 91.239.25.191:6892 | udp | |
| NO | 91.239.25.192:6892 | udp | |
| NO | 91.239.25.193:6892 | udp | |
| NO | 91.239.25.194:6892 | udp | |
| NO | 91.239.25.195:6892 | udp | |
| NO | 91.239.25.196:6892 | udp | |
| NO | 91.239.25.197:6892 | udp | |
| NO | 91.239.25.198:6892 | udp | |
| NO | 91.239.25.199:6892 | udp | |
| NO | 91.239.25.200:6892 | udp | |
| NO | 91.239.25.201:6892 | udp | |
| NO | 91.239.25.202:6892 | udp | |
| NO | 91.239.25.203:6892 | udp | |
| NO | 91.239.25.204:6892 | udp | |
| NO | 91.239.25.205:6892 | udp | |
| NO | 91.239.25.206:6892 | udp | |
| NO | 91.239.25.207:6892 | udp | |
| NO | 91.239.25.208:6892 | udp | |
| NO | 91.239.25.209:6892 | udp | |
| NO | 91.239.25.210:6892 | udp | |
| NO | 91.239.25.211:6892 | udp | |
| NO | 91.239.25.212:6892 | udp | |
| NO | 91.239.25.213:6892 | udp | |
| NO | 91.239.25.214:6892 | udp | |
| NO | 91.239.25.215:6892 | udp | |
| NO | 91.239.25.216:6892 | udp | |
| NO | 91.239.25.217:6892 | udp | |
| NO | 91.239.25.218:6892 | udp | |
| NO | 91.239.25.219:6892 | udp | |
| NO | 91.239.25.220:6892 | udp | |
| NO | 91.239.25.221:6892 | udp | |
| NO | 91.239.25.222:6892 | udp | |
| NO | 91.239.25.223:6892 | udp | |
| NO | 91.239.25.224:6892 | udp | |
| NO | 91.239.25.225:6892 | udp | |
| NO | 91.239.25.226:6892 | udp | |
| NO | 91.239.25.227:6892 | udp | |
| NO | 91.239.25.228:6892 | udp | |
| NO | 91.239.25.229:6892 | udp | |
| NO | 91.239.25.230:6892 | udp | |
| NO | 91.239.25.231:6892 | udp | |
| NO | 91.239.25.232:6892 | udp | |
| NO | 91.239.25.233:6892 | udp | |
| NO | 91.239.25.234:6892 | udp | |
| NO | 91.239.25.235:6892 | udp | |
| NO | 91.239.25.236:6892 | udp | |
| NO | 91.239.25.237:6892 | udp | |
| NO | 91.239.25.238:6892 | udp | |
| NO | 91.239.25.239:6892 | udp | |
| NO | 91.239.25.240:6892 | udp | |
| NO | 91.239.25.241:6892 | udp | |
| NO | 91.239.25.242:6892 | udp | |
| NO | 91.239.25.243:6892 | udp | |
| NO | 91.239.25.244:6892 | udp | |
| NO | 91.239.25.245:6892 | udp | |
| NO | 91.239.25.246:6892 | udp | |
| NO | 91.239.25.247:6892 | udp | |
| NO | 91.239.25.248:6892 | udp | |
| NO | 91.239.25.249:6892 | udp | |
| NO | 91.239.25.250:6892 | udp | |
| NO | 91.239.25.251:6892 | udp | |
| NO | 91.239.25.252:6892 | udp | |
| NO | 91.239.25.253:6892 | udp | |
| NO | 91.239.25.254:6892 | udp | |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| NO | 91.239.25.255:6892 | udp | |
| DE | 131.188.40.189:443 | tcp | |
| US | 8.8.8.8:53 | www.informaticauno.net | udp |
| AR | 66.97.45.219:80 | www.informaticauno.net | tcp |
| US | 8.8.8.8:53 | cam-itour.info | udp |
| US | 8.8.8.8:53 | salaeigroup.com | udp |
| US | 8.8.8.8:53 | update.bissnes.org | udp |
| US | 8.8.8.8:53 | ahlanmedicalcentre.com | udp |
| US | 8.8.8.8:53 | blockchain.info | udp |
| US | 8.8.8.8:53 | specializedaccess.co.uk | udp |
| US | 8.8.8.8:53 | ikstrade.co.kr | udp |
| US | 104.16.236.243:443 | blockchain.info | tcp |
| US | 8.8.8.8:53 | edge-institut.org | udp |
| US | 104.16.236.243:443 | blockchain.info | tcp |
| US | 104.16.236.243:443 | blockchain.info | tcp |
| AR | 66.97.45.219:80 | www.informaticauno.net | tcp |
| US | 104.16.236.243:443 | blockchain.info | tcp |
| US | 8.8.8.8:53 | salesandmarketing101.net | udp |
| US | 8.8.8.8:53 | lutheranph.com | udp |
| US | 107.178.223.183:80 | lutheranph.com | tcp |
| US | 8.8.8.8:53 | dustywinslow.com | udp |
| US | 8.8.8.8:53 | lovemydress.pl | udp |
| FR | 51.255.107.10:80 | tcp | |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 104.77.118.72:80 | crl.microsoft.com | tcp |
| IN | 1.22.15.0:6892 | udp | |
| IN | 1.22.15.1:6892 | udp | |
| IN | 1.22.15.2:6892 | udp | |
| IN | 1.22.15.3:6892 | udp | |
| IN | 1.22.15.4:6892 | udp | |
| IN | 1.22.15.5:6892 | udp | |
| IN | 1.22.15.6:6892 | udp | |
| IN | 1.22.15.7:6892 | udp | |
| IN | 1.22.15.8:6892 | udp | |
| IN | 1.22.15.9:6892 | udp | |
| IN | 1.22.15.10:6892 | udp | |
| IN | 1.22.15.11:6892 | udp | |
| IN | 1.22.15.12:6892 | udp | |
| IN | 1.22.15.13:6892 | udp | |
| IN | 1.22.15.14:6892 | udp | |
| IN | 1.22.15.15:6892 | udp | |
| IN | 1.22.15.16:6892 | udp | |
| IN | 1.22.15.17:6892 | udp | |
| IN | 1.22.15.18:6892 | udp | |
| IN | 1.22.15.19:6892 | udp | |
| IN | 1.22.15.20:6892 | udp | |
| IN | 1.22.15.21:6892 | udp | |
| IN | 1.22.15.22:6892 | udp | |
| IN | 1.22.15.23:6892 | udp | |
| IN | 1.22.15.24:6892 | udp | |
| IN | 1.22.15.25:6892 | udp | |
| IN | 1.22.15.26:6892 | udp | |
| IN | 1.22.15.27:6892 | udp | |
| IN | 1.22.15.28:6892 | udp | |
| IN | 1.22.15.29:6892 | udp | |
| IN | 1.22.15.30:6892 | udp | |
| IN | 1.22.15.31:6892 | udp | |
| IT | 2.23.16.0:6892 | udp | |
| IT | 2.23.16.1:6892 | udp | |
| IT | 2.23.16.2:6892 | udp | |
| IT | 2.23.16.3:6892 | udp | |
| IT | 2.23.16.4:6892 | udp | |
| IT | 2.23.16.5:6892 | udp | |
| IT | 2.23.16.6:6892 | udp | |
| IT | 2.23.16.7:6892 | udp | |
| IT | 2.23.16.8:6892 | udp | |
| IT | 2.23.16.9:6892 | udp | |
| IT | 2.23.16.10:6892 | udp | |
| IT | 2.23.16.11:6892 | udp | |
| IT | 2.23.16.12:6892 | udp | |
| IT | 2.23.16.13:6892 | udp | |
| IT | 2.23.16.14:6892 | udp | |
| IT | 2.23.16.15:6892 | udp | |
| IT | 2.23.16.16:6892 | udp | |
| IT | 2.23.16.17:6892 | udp | |
| IT | 2.23.16.18:6892 | udp | |
| IT | 2.23.16.19:6892 | udp | |
| IT | 2.23.16.20:6892 | udp | |
| IT | 2.23.16.21:6892 | udp | |
| IT | 2.23.16.22:6892 | udp | |
| IT | 2.23.16.23:6892 | udp | |
| IT | 2.23.16.24:6892 | udp | |
| IT | 2.23.16.25:6892 | udp | |
| IT | 2.23.16.26:6892 | udp | |
| IT | 2.23.16.27:6892 | udp | |
| IT | 2.23.16.28:6892 | udp | |
| IT | 2.23.16.29:6892 | udp | |
| IT | 2.23.16.30:6892 | udp | |
| IT | 2.23.16.31:6892 | udp | |
| DE | 91.239.24.0:6892 | udp | |
| DE | 91.239.24.1:6892 | udp | |
| DE | 91.239.24.2:6892 | udp | |
| DE | 91.239.24.3:6892 | udp | |
| DE | 91.239.24.4:6892 | udp | |
| DE | 91.239.24.5:6892 | udp | |
| DE | 91.239.24.6:6892 | udp | |
| DE | 91.239.24.7:6892 | udp | |
| DE | 91.239.24.8:6892 | udp | |
| DE | 91.239.24.9:6892 | udp | |
| DE | 91.239.24.10:6892 | udp | |
| DE | 91.239.24.11:6892 | udp | |
| DE | 91.239.24.12:6892 | udp | |
| DE | 91.239.24.13:6892 | udp | |
| DE | 91.239.24.14:6892 | udp | |
| DE | 91.239.24.15:6892 | udp | |
| DE | 91.239.24.16:6892 | udp | |
| DE | 91.239.24.17:6892 | udp | |
| DE | 91.239.24.18:6892 | udp | |
| DE | 91.239.24.19:6892 | udp | |
| DE | 91.239.24.20:6892 | udp | |
| DE | 91.239.24.21:6892 | udp | |
| DE | 91.239.24.22:6892 | udp | |
| DE | 91.239.24.23:6892 | udp | |
| DE | 91.239.24.24:6892 | udp | |
| DE | 91.239.24.25:6892 | udp | |
| DE | 91.239.24.26:6892 | udp | |
| DE | 91.239.24.27:6892 | udp | |
| DE | 91.239.24.28:6892 | udp | |
| DE | 91.239.24.29:6892 | udp | |
| DE | 91.239.24.30:6892 | udp | |
| DE | 91.239.24.31:6892 | udp | |
| DE | 91.239.24.32:6892 | udp | |
| DE | 91.239.24.33:6892 | udp | |
| DE | 91.239.24.34:6892 | udp | |
| DE | 91.239.24.35:6892 | udp | |
| DE | 91.239.24.36:6892 | udp | |
| DE | 91.239.24.37:6892 | udp | |
| DE | 91.239.24.38:6892 | udp | |
| DE | 91.239.24.39:6892 | udp | |
| DE | 91.239.24.40:6892 | udp | |
| DE | 91.239.24.41:6892 | udp | |
| DE | 91.239.24.42:6892 | udp | |
| DE | 91.239.24.43:6892 | udp | |
| DE | 91.239.24.44:6892 | udp | |
| DE | 91.239.24.45:6892 | udp | |
| DE | 91.239.24.46:6892 | udp | |
| DE | 91.239.24.47:6892 | udp | |
| DE | 91.239.24.48:6892 | udp | |
| DE | 91.239.24.49:6892 | udp | |
| DE | 91.239.24.50:6892 | udp | |
| DE | 91.239.24.51:6892 | udp | |
| DE | 91.239.24.52:6892 | udp | |
| DE | 91.239.24.53:6892 | udp | |
| DE | 91.239.24.54:6892 | udp | |
| DE | 91.239.24.55:6892 | udp | |
| DE | 91.239.24.56:6892 | udp | |
| DE | 91.239.24.57:6892 | udp | |
| DE | 91.239.24.58:6892 | udp | |
| DE | 91.239.24.59:6892 | udp | |
| DE | 91.239.24.60:6892 | udp | |
| DE | 91.239.24.61:6892 | udp | |
| DE | 91.239.24.62:6892 | udp | |
| DE | 91.239.24.63:6892 | udp | |
| DE | 91.239.24.64:6892 | udp | |
| DE | 91.239.24.65:6892 | udp | |
| DE | 91.239.24.66:6892 | udp | |
| DE | 91.239.24.67:6892 | udp | |
| DE | 91.239.24.68:6892 | udp | |
| DE | 91.239.24.69:6892 | udp | |
| DE | 91.239.24.70:6892 | udp | |
| DE | 91.239.24.71:6892 | udp | |
| DE | 91.239.24.72:6892 | udp | |
| DE | 91.239.24.73:6892 | udp | |
| DE | 91.239.24.74:6892 | udp | |
| DE | 91.239.24.75:6892 | udp | |
| DE | 91.239.24.76:6892 | udp | |
| DE | 91.239.24.77:6892 | udp | |
| DE | 91.239.24.78:6892 | udp | |
| DE | 91.239.24.79:6892 | udp | |
| DE | 91.239.24.80:6892 | udp | |
| DE | 91.239.24.81:6892 | udp | |
| DE | 91.239.24.82:6892 | udp | |
| DE | 91.239.24.83:6892 | udp | |
| DE | 91.239.24.84:6892 | udp | |
| DE | 91.239.24.85:6892 | udp | |
| DE | 91.239.24.86:6892 | udp | |
| DE | 91.239.24.87:6892 | udp | |
| DE | 91.239.24.88:6892 | udp | |
| DE | 91.239.24.89:6892 | udp | |
| DE | 91.239.24.90:6892 | udp | |
| DE | 91.239.24.91:6892 | udp | |
| DE | 91.239.24.92:6892 | udp | |
| DE | 91.239.24.93:6892 | udp | |
| DE | 91.239.24.94:6892 | udp | |
| DE | 91.239.24.95:6892 | udp | |
| DE | 91.239.24.96:6892 | udp | |
| DE | 91.239.24.97:6892 | udp | |
| DE | 91.239.24.98:6892 | udp | |
| DE | 91.239.24.99:6892 | udp | |
| DE | 91.239.24.100:6892 | udp | |
| DE | 91.239.24.101:6892 | udp | |
| DE | 91.239.24.102:6892 | udp | |
| DE | 91.239.24.103:6892 | udp | |
| DE | 91.239.24.104:6892 | udp | |
| DE | 91.239.24.105:6892 | udp | |
| DE | 91.239.24.106:6892 | udp | |
| DE | 91.239.24.107:6892 | udp | |
| DE | 91.239.24.108:6892 | udp | |
| DE | 91.239.24.109:6892 | udp | |
| DE | 91.239.24.110:6892 | udp | |
| DE | 91.239.24.111:6892 | udp | |
| DE | 91.239.24.112:6892 | udp | |
| DE | 91.239.24.113:6892 | udp | |
| DE | 91.239.24.114:6892 | udp | |
| DE | 91.239.24.115:6892 | udp | |
| DE | 91.239.24.116:6892 | udp | |
| DE | 91.239.24.117:6892 | udp | |
| DE | 91.239.24.118:6892 | udp | |
| DE | 91.239.24.119:6892 | udp | |
| DE | 91.239.24.120:6892 | udp | |
| DE | 91.239.24.121:6892 | udp | |
| DE | 91.239.24.122:6892 | udp | |
| DE | 91.239.24.123:6892 | udp | |
| DE | 91.239.24.124:6892 | udp | |
| DE | 91.239.24.125:6892 | udp | |
| DE | 91.239.24.126:6892 | udp | |
| DE | 91.239.24.127:6892 | udp | |
| DE | 91.239.24.128:6892 | udp | |
| DE | 91.239.24.129:6892 | udp | |
| DE | 91.239.24.130:6892 | udp | |
| DE | 91.239.24.131:6892 | udp | |
| DE | 91.239.24.132:6892 | udp | |
| DE | 91.239.24.133:6892 | udp | |
| DE | 91.239.24.134:6892 | udp | |
| DE | 91.239.24.135:6892 | udp | |
| DE | 91.239.24.136:6892 | udp | |
| DE | 91.239.24.137:6892 | udp | |
| DE | 91.239.24.138:6892 | udp | |
| DE | 91.239.24.139:6892 | udp | |
| DE | 91.239.24.140:6892 | udp | |
| DE | 91.239.24.141:6892 | udp | |
| DE | 91.239.24.142:6892 | udp | |
| DE | 91.239.24.143:6892 | udp | |
| DE | 91.239.24.144:6892 | udp | |
| DE | 91.239.24.145:6892 | udp | |
| DE | 91.239.24.146:6892 | udp | |
| DE | 91.239.24.147:6892 | udp | |
| DE | 91.239.24.148:6892 | udp | |
| DE | 91.239.24.149:6892 | udp | |
| DE | 91.239.24.150:6892 | udp | |
| DE | 91.239.24.151:6892 | udp | |
| DE | 91.239.24.152:6892 | udp | |
| DE | 91.239.24.153:6892 | udp | |
| DE | 91.239.24.154:6892 | udp | |
| DE | 91.239.24.155:6892 | udp | |
| DE | 91.239.24.156:6892 | udp | |
| DE | 91.239.24.157:6892 | udp | |
| DE | 91.239.24.158:6892 | udp | |
| DE | 91.239.24.159:6892 | udp | |
| DE | 91.239.24.160:6892 | udp | |
| DE | 91.239.24.161:6892 | udp | |
| DE | 91.239.24.162:6892 | udp | |
| DE | 91.239.24.163:6892 | udp | |
| DE | 91.239.24.164:6892 | udp | |
| DE | 91.239.24.165:6892 | udp | |
| DE | 91.239.24.166:6892 | udp | |
| DE | 91.239.24.167:6892 | udp | |
| DE | 91.239.24.168:6892 | udp | |
| DE | 91.239.24.169:6892 | udp | |
| DE | 91.239.24.170:6892 | udp | |
| DE | 91.239.24.171:6892 | udp | |
| DE | 91.239.24.172:6892 | udp | |
| DE | 91.239.24.173:6892 | udp | |
| DE | 91.239.24.174:6892 | udp | |
| DE | 91.239.24.175:6892 | udp | |
| DE | 91.239.24.176:6892 | udp | |
| DE | 91.239.24.177:6892 | udp | |
| DE | 91.239.24.178:6892 | udp | |
| DE | 91.239.24.179:6892 | udp | |
| DE | 91.239.24.180:6892 | udp | |
| DE | 91.239.24.181:6892 | udp | |
| DE | 91.239.24.182:6892 | udp | |
| DE | 91.239.24.183:6892 | udp | |
| DE | 91.239.24.184:6892 | udp | |
| DE | 91.239.24.185:6892 | udp | |
| DE | 91.239.24.186:6892 | udp | |
| DE | 91.239.24.187:6892 | udp | |
| DE | 91.239.24.188:6892 | udp | |
| DE | 91.239.24.189:6892 | udp | |
| DE | 91.239.24.190:6892 | udp | |
| DE | 91.239.24.191:6892 | udp | |
| DE | 91.239.24.192:6892 | udp | |
| DE | 91.239.24.193:6892 | udp | |
| DE | 91.239.24.194:6892 | udp | |
| DE | 91.239.24.195:6892 | udp | |
| DE | 91.239.24.196:6892 | udp | |
| DE | 91.239.24.197:6892 | udp | |
| DE | 91.239.24.198:6892 | udp | |
| DE | 91.239.24.199:6892 | udp | |
| DE | 91.239.24.200:6892 | udp | |
| DE | 91.239.24.201:6892 | udp | |
| DE | 91.239.24.202:6892 | udp | |
| DE | 91.239.24.203:6892 | udp | |
| DE | 91.239.24.204:6892 | udp | |
| DE | 91.239.24.205:6892 | udp | |
| DE | 91.239.24.206:6892 | udp | |
| DE | 91.239.24.207:6892 | udp | |
| DE | 91.239.24.208:6892 | udp | |
| DE | 91.239.24.209:6892 | udp | |
| DE | 91.239.24.210:6892 | udp | |
| DE | 91.239.24.211:6892 | udp | |
| DE | 91.239.24.212:6892 | udp | |
| DE | 91.239.24.213:6892 | udp | |
| DE | 91.239.24.214:6892 | udp | |
| DE | 91.239.24.215:6892 | udp | |
| DE | 91.239.24.216:6892 | udp | |
| DE | 91.239.24.217:6892 | udp | |
| DE | 91.239.24.218:6892 | udp | |
| DE | 91.239.24.219:6892 | udp | |
| DE | 91.239.24.220:6892 | udp | |
| DE | 91.239.24.221:6892 | udp | |
| DE | 91.239.24.222:6892 | udp | |
| DE | 91.239.24.223:6892 | udp | |
| DE | 91.239.24.224:6892 | udp | |
| DE | 91.239.24.225:6892 | udp | |
| DE | 91.239.24.226:6892 | udp | |
| DE | 91.239.24.227:6892 | udp | |
| DE | 91.239.24.228:6892 | udp | |
| DE | 91.239.24.229:6892 | udp | |
| DE | 91.239.24.230:6892 | udp | |
| DE | 91.239.24.231:6892 | udp | |
| DE | 91.239.24.232:6892 | udp | |
| DE | 91.239.24.233:6892 | udp | |
| DE | 91.239.24.234:6892 | udp | |
| DE | 91.239.24.235:6892 | udp | |
| DE | 91.239.24.236:6892 | udp | |
| DE | 91.239.24.237:6892 | udp | |
| DE | 91.239.24.238:6892 | udp | |
| DE | 91.239.24.239:6892 | udp | |
| DE | 91.239.24.240:6892 | udp | |
| DE | 91.239.24.241:6892 | udp | |
| DE | 91.239.24.242:6892 | udp | |
| DE | 91.239.24.243:6892 | udp | |
| DE | 91.239.24.244:6892 | udp | |
| DE | 91.239.24.245:6892 | udp | |
| DE | 91.239.24.246:6892 | udp | |
| DE | 91.239.24.247:6892 | udp | |
| DE | 91.239.24.248:6892 | udp | |
| DE | 91.239.24.249:6892 | udp | |
| DE | 91.239.24.250:6892 | udp | |
| DE | 91.239.24.251:6892 | udp | |
| DE | 91.239.24.252:6892 | udp | |
| DE | 91.239.24.253:6892 | udp | |
| DE | 91.239.24.254:6892 | udp | |
| DE | 91.239.24.255:6892 | udp | |
| NO | 91.239.25.0:6892 | udp | |
| NO | 91.239.25.1:6892 | udp | |
| NO | 91.239.25.2:6892 | udp | |
| NO | 91.239.25.3:6892 | udp | |
| NO | 91.239.25.4:6892 | udp | |
| NO | 91.239.25.5:6892 | udp | |
| NO | 91.239.25.6:6892 | udp | |
| NO | 91.239.25.7:6892 | udp | |
| NO | 91.239.25.8:6892 | udp | |
| NO | 91.239.25.9:6892 | udp | |
| NO | 91.239.25.10:6892 | udp | |
| NO | 91.239.25.11:6892 | udp | |
| NO | 91.239.25.12:6892 | udp | |
| NO | 91.239.25.13:6892 | udp | |
| NO | 91.239.25.14:6892 | udp | |
| NO | 91.239.25.15:6892 | udp | |
| NO | 91.239.25.16:6892 | udp | |
| NO | 91.239.25.17:6892 | udp | |
| NO | 91.239.25.18:6892 | udp | |
| NO | 91.239.25.19:6892 | udp | |
| NO | 91.239.25.20:6892 | udp | |
| NO | 91.239.25.21:6892 | udp | |
| NO | 91.239.25.22:6892 | udp | |
| NO | 91.239.25.23:6892 | udp | |
| NO | 91.239.25.24:6892 | udp | |
| NO | 91.239.25.25:6892 | udp | |
| NO | 91.239.25.26:6892 | udp | |
| NO | 91.239.25.27:6892 | udp | |
| NO | 91.239.25.28:6892 | udp | |
| NO | 91.239.25.29:6892 | udp | |
| NO | 91.239.25.30:6892 | udp | |
| NO | 91.239.25.31:6892 | udp | |
| NO | 91.239.25.32:6892 | udp | |
| NO | 91.239.25.33:6892 | udp | |
| NO | 91.239.25.34:6892 | udp | |
| NO | 91.239.25.35:6892 | udp | |
| NO | 91.239.25.36:6892 | udp | |
| NO | 91.239.25.37:6892 | udp | |
| NO | 91.239.25.38:6892 | udp | |
| NO | 91.239.25.39:6892 | udp | |
| NO | 91.239.25.40:6892 | udp | |
| NO | 91.239.25.41:6892 | udp | |
| NO | 91.239.25.42:6892 | udp | |
| NO | 91.239.25.43:6892 | udp | |
| NO | 91.239.25.44:6892 | udp | |
| NO | 91.239.25.45:6892 | udp | |
| NO | 91.239.25.46:6892 | udp | |
| NO | 91.239.25.47:6892 | udp | |
| NO | 91.239.25.48:6892 | udp | |
| NO | 91.239.25.49:6892 | udp | |
| NO | 91.239.25.50:6892 | udp | |
| NO | 91.239.25.51:6892 | udp | |
| NO | 91.239.25.52:6892 | udp | |
| NO | 91.239.25.53:6892 | udp | |
| NO | 91.239.25.54:6892 | udp | |
| NO | 91.239.25.55:6892 | udp | |
| NO | 91.239.25.56:6892 | udp | |
| NO | 91.239.25.57:6892 | udp | |
| NO | 91.239.25.58:6892 | udp | |
| NO | 91.239.25.59:6892 | udp | |
| NO | 91.239.25.60:6892 | udp | |
| NO | 91.239.25.61:6892 | udp | |
| NO | 91.239.25.62:6892 | udp | |
| NO | 91.239.25.63:6892 | udp | |
| NO | 91.239.25.64:6892 | udp | |
| NO | 91.239.25.65:6892 | udp | |
| NO | 91.239.25.66:6892 | udp | |
| NO | 91.239.25.67:6892 | udp | |
| NO | 91.239.25.68:6892 | udp | |
| NO | 91.239.25.69:6892 | udp | |
| NO | 91.239.25.70:6892 | udp | |
| NO | 91.239.25.71:6892 | udp | |
| NO | 91.239.25.72:6892 | udp | |
| NO | 91.239.25.73:6892 | udp | |
| NO | 91.239.25.74:6892 | udp | |
| NO | 91.239.25.75:6892 | udp | |
| NO | 91.239.25.76:6892 | udp | |
| NO | 91.239.25.77:6892 | udp | |
| NO | 91.239.25.78:6892 | udp | |
| NO | 91.239.25.79:6892 | udp | |
| NO | 91.239.25.80:6892 | udp | |
| NO | 91.239.25.81:6892 | udp | |
| NO | 91.239.25.82:6892 | udp | |
| NO | 91.239.25.83:6892 | udp | |
| NO | 91.239.25.84:6892 | udp | |
| NO | 91.239.25.85:6892 | udp | |
| NO | 91.239.25.86:6892 | udp | |
| NO | 91.239.25.87:6892 | udp | |
| NO | 91.239.25.88:6892 | udp | |
| NO | 91.239.25.89:6892 | udp | |
| NO | 91.239.25.90:6892 | udp | |
| NO | 91.239.25.91:6892 | udp | |
| NO | 91.239.25.92:6892 | udp | |
| NO | 91.239.25.93:6892 | udp | |
| NO | 91.239.25.94:6892 | udp | |
| NO | 91.239.25.95:6892 | udp | |
| NO | 91.239.25.96:6892 | udp | |
| NO | 91.239.25.97:6892 | udp | |
| NO | 91.239.25.98:6892 | udp | |
| NO | 91.239.25.99:6892 | udp | |
| NO | 91.239.25.100:6892 | udp | |
| NO | 91.239.25.101:6892 | udp | |
| NO | 91.239.25.102:6892 | udp | |
| NO | 91.239.25.103:6892 | udp | |
| NO | 91.239.25.104:6892 | udp | |
| NO | 91.239.25.105:6892 | udp | |
| NO | 91.239.25.106:6892 | udp | |
| NO | 91.239.25.107:6892 | udp | |
| NO | 91.239.25.108:6892 | udp | |
| NO | 91.239.25.109:6892 | udp | |
| NO | 91.239.25.110:6892 | udp | |
| NO | 91.239.25.111:6892 | udp | |
| NO | 91.239.25.112:6892 | udp | |
| NO | 91.239.25.113:6892 | udp | |
| NO | 91.239.25.114:6892 | udp | |
| NO | 91.239.25.115:6892 | udp | |
| NO | 91.239.25.116:6892 | udp | |
| NO | 91.239.25.117:6892 | udp | |
| NO | 91.239.25.118:6892 | udp | |
| NO | 91.239.25.119:6892 | udp | |
| NO | 91.239.25.120:6892 | udp | |
| NO | 91.239.25.121:6892 | udp | |
| NO | 91.239.25.122:6892 | udp | |
| NO | 91.239.25.123:6892 | udp | |
| NO | 91.239.25.124:6892 | udp | |
| NO | 91.239.25.125:6892 | udp | |
| NO | 91.239.25.126:6892 | udp | |
| NO | 91.239.25.127:6892 | udp | |
| NO | 91.239.25.128:6892 | udp | |
| NO | 91.239.25.129:6892 | udp | |
| NO | 91.239.25.130:6892 | udp | |
| NO | 91.239.25.131:6892 | udp | |
| NO | 91.239.25.132:6892 | udp | |
| NO | 91.239.25.133:6892 | udp | |
| NO | 91.239.25.134:6892 | udp | |
| NO | 91.239.25.135:6892 | udp | |
| NO | 91.239.25.136:6892 | udp | |
| NO | 91.239.25.137:6892 | udp | |
| NO | 91.239.25.138:6892 | udp | |
| NO | 91.239.25.139:6892 | udp | |
| NO | 91.239.25.140:6892 | udp | |
| NO | 91.239.25.141:6892 | udp | |
| NO | 91.239.25.142:6892 | udp | |
| NO | 91.239.25.143:6892 | udp | |
| NO | 91.239.25.144:6892 | udp | |
| NO | 91.239.25.145:6892 | udp | |
| NO | 91.239.25.146:6892 | udp | |
| NO | 91.239.25.147:6892 | udp | |
| NO | 91.239.25.148:6892 | udp | |
| NO | 91.239.25.149:6892 | udp | |
| NO | 91.239.25.150:6892 | udp | |
| NO | 91.239.25.151:6892 | udp | |
| NO | 91.239.25.152:6892 | udp | |
| NO | 91.239.25.153:6892 | udp | |
| NO | 91.239.25.154:6892 | udp | |
| NO | 91.239.25.155:6892 | udp | |
| NO | 91.239.25.156:6892 | udp | |
| NO | 91.239.25.157:6892 | udp | |
| NO | 91.239.25.158:6892 | udp | |
| NO | 91.239.25.159:6892 | udp | |
| NO | 91.239.25.160:6892 | udp | |
| NO | 91.239.25.161:6892 | udp | |
| NO | 91.239.25.162:6892 | udp | |
| NO | 91.239.25.163:6892 | udp | |
| NO | 91.239.25.164:6892 | udp | |
| NO | 91.239.25.165:6892 | udp | |
| NO | 91.239.25.166:6892 | udp | |
| NO | 91.239.25.167:6892 | udp | |
| NO | 91.239.25.168:6892 | udp | |
| NO | 91.239.25.169:6892 | udp | |
| NO | 91.239.25.170:6892 | udp | |
| NO | 91.239.25.171:6892 | udp | |
| NO | 91.239.25.172:6892 | udp | |
| NO | 91.239.25.173:6892 | udp | |
| NO | 91.239.25.174:6892 | udp | |
| NO | 91.239.25.175:6892 | udp | |
| NO | 91.239.25.176:6892 | udp | |
| NO | 91.239.25.177:6892 | udp | |
| NO | 91.239.25.178:6892 | udp | |
| NO | 91.239.25.179:6892 | udp | |
| NO | 91.239.25.180:6892 | udp | |
| NO | 91.239.25.181:6892 | udp | |
| NO | 91.239.25.182:6892 | udp | |
| NO | 91.239.25.183:6892 | udp | |
| NO | 91.239.25.184:6892 | udp | |
| NO | 91.239.25.185:6892 | udp | |
| NO | 91.239.25.186:6892 | udp | |
| NO | 91.239.25.187:6892 | udp | |
| NO | 91.239.25.188:6892 | udp | |
| NO | 91.239.25.189:6892 | udp | |
| NO | 91.239.25.190:6892 | udp | |
| NO | 91.239.25.191:6892 | udp | |
| NO | 91.239.25.192:6892 | udp | |
| NO | 91.239.25.193:6892 | udp | |
| NO | 91.239.25.194:6892 | udp | |
| NO | 91.239.25.195:6892 | udp | |
| NO | 91.239.25.196:6892 | udp | |
| NO | 91.239.25.197:6892 | udp | |
| NO | 91.239.25.198:6892 | udp | |
| NO | 91.239.25.199:6892 | udp | |
| NO | 91.239.25.200:6892 | udp | |
| NO | 91.239.25.201:6892 | udp | |
| NO | 91.239.25.202:6892 | udp | |
| NO | 91.239.25.203:6892 | udp | |
| NO | 91.239.25.204:6892 | udp | |
| NO | 91.239.25.205:6892 | udp | |
| NO | 91.239.25.206:6892 | udp | |
| NO | 91.239.25.207:6892 | udp | |
| NO | 91.239.25.208:6892 | udp | |
| NO | 91.239.25.209:6892 | udp | |
| NO | 91.239.25.210:6892 | udp | |
| NO | 91.239.25.211:6892 | udp | |
| NO | 91.239.25.212:6892 | udp | |
| NO | 91.239.25.213:6892 | udp | |
| NO | 91.239.25.214:6892 | udp | |
| NO | 91.239.25.215:6892 | udp | |
| NO | 91.239.25.216:6892 | udp | |
| NO | 91.239.25.217:6892 | udp | |
| NO | 91.239.25.218:6892 | udp | |
| NO | 91.239.25.219:6892 | udp | |
| NO | 91.239.25.220:6892 | udp | |
| NO | 91.239.25.221:6892 | udp | |
| NO | 91.239.25.222:6892 | udp | |
| NO | 91.239.25.223:6892 | udp | |
| NO | 91.239.25.224:6892 | udp | |
| NO | 91.239.25.225:6892 | udp | |
| NO | 91.239.25.226:6892 | udp | |
| NO | 91.239.25.227:6892 | udp | |
| NO | 91.239.25.228:6892 | udp | |
| NO | 91.239.25.229:6892 | udp | |
| NO | 91.239.25.230:6892 | udp | |
| NO | 91.239.25.231:6892 | udp | |
| NO | 91.239.25.232:6892 | udp | |
| NO | 91.239.25.233:6892 | udp | |
| NO | 91.239.25.234:6892 | udp | |
| NO | 91.239.25.235:6892 | udp | |
| NO | 91.239.25.236:6892 | udp | |
| NO | 91.239.25.237:6892 | udp | |
| NO | 91.239.25.238:6892 | udp | |
| NO | 91.239.25.239:6892 | udp | |
| NO | 91.239.25.240:6892 | udp | |
| NO | 91.239.25.241:6892 | udp | |
| NO | 91.239.25.242:6892 | udp | |
| NO | 91.239.25.243:6892 | udp | |
| NO | 91.239.25.244:6892 | udp | |
| NO | 91.239.25.245:6892 | udp | |
| NO | 91.239.25.246:6892 | udp | |
| NO | 91.239.25.247:6892 | udp | |
| NO | 91.239.25.248:6892 | udp | |
| NO | 91.239.25.249:6892 | udp | |
| NO | 91.239.25.250:6892 | udp | |
| NO | 91.239.25.251:6892 | udp | |
| NO | 91.239.25.252:6892 | udp | |
| NO | 91.239.25.253:6892 | udp | |
| NO | 91.239.25.254:6892 | udp | |
| NL | 109.234.36.12:80 | tcp | |
| NO | 91.239.25.255:6892 | udp | |
| UA | 193.32.68.48:80 | tcp | |
| US | 8.8.8.8:53 | dsnmont.at | udp |
| BG | 91.210.166.51:80 | tcp | |
| FR | 193.70.86.51:80 | 193.70.86.51 | tcp |
| PS | 176.121.14.95:80 | tcp | |
| NL | 37.139.27.52:80 | tcp | |
| US | 8.8.8.8:53 | api.blockcypher.com | udp |
| US | 104.20.99.10:80 | api.blockcypher.com | tcp |
| US | 8.8.8.8:53 | btc.blockr.io | udp |
| US | 98.95.183.150:5323 | udp | |
| DE | 193.23.244.244:443 | tcp | |
| NL | 109.234.36.12:80 | tcp | |
| UA | 193.32.68.48:80 | tcp | |
| PS | 176.121.14.95:80 | tcp | |
| BG | 91.210.166.51:80 | tcp | |
| AU | 203.45.140.224:7361 | udp | |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 2.16.233.202:80 | www.microsoft.com | tcp |
| FR | 51.254.181.122:80 | tcp | |
| BE | 213.219.135.125:5172 | udp | |
| CA | 174.6.141.85:4882 | udp | |
| CN | 122.78.227.124:80 | tcp | |
| KR | 27.162.155.188:80 | tcp | |
| NL | 109.234.36.12:80 | tcp | |
| US | 215.160.219.232:80 | tcp | |
| US | 75.238.42.74:80 | tcp | |
| RU | 188.127.231.116:80 | 188.127.231.116 | tcp |
| US | 216.194.254.26:80 | tcp | |
| FR | 51.255.107.8:80 | tcp | |
| US | 21.194.161.246:80 | tcp | |
| US | 65.75.5.151:8080 | tcp | |
| US | 68.31.191.113:80 | tcp | |
| US | 70.240.248.252:443 | tcp | |
| CN | 219.141.132.126:80 | tcp | |
| JP | 35.77.184.134:80 | tcp | |
| BR | 189.40.30.223:80 | tcp | |
| JP | 111.169.160.164:8080 | tcp | |
| JP | 121.117.130.173:80 | tcp | |
| US | 155.178.138.217:80 | tcp | |
| US | 3.203.20.162:80 | tcp | |
| SE | 195.198.45.50:80 | tcp | |
| SG | 43.17.21.189:80 | tcp | |
| US | 9.3.213.247:80 | tcp | |
| US | 162.103.89.55:80 | tcp | |
| FR | 195.83.221.75:80 | tcp | |
| US | 170.19.145.158:80 | tcp | |
| US | 30.8.72.27:80 | tcp | |
| US | 165.121.244.187:80 | tcp | |
| BR | 177.108.135.75:80 | tcp | |
| CH | 85.7.64.166:80 | tcp | |
| US | 154.53.125.59:80 | tcp | |
| KR | 116.38.8.197:80 | tcp | |
| US | 164.99.50.42:80 | tcp | |
| US | 146.244.43.216:80 | tcp | |
| US | 16.253.153.14:443 | tcp | |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BR | 186.207.245.42:80 | tcp | |
| KR | 210.119.234.135:80 | tcp | |
| FR | 149.202.109.205:80 | tcp | |
| DE | 80.136.19.137:8080 | tcp | |
| US | 72.109.129.66:80 | tcp | |
| KZ | 78.40.108.39:80 | tcp | |
| US | 26.97.164.21:80 | tcp | |
| US | 136.131.20.120:80 | tcp | |
| US | 99.183.219.19:80 | tcp | |
| US | 166.5.40.224:80 | tcp | |
| CN | 61.236.61.81:80 | tcp | |
| CN | 125.34.137.144:80 | tcp | |
| US | 206.127.137.45:80 | tcp | |
| US | 137.80.37.255:80 | tcp | |
| US | 66.76.34.107:80 | tcp | |
| US | 22.103.80.137:80 | tcp | |
| AO | 197.217.84.214:80 | tcp | |
| US | 96.185.250.56:80 | tcp | |
| US | 165.239.227.6:80 | tcp | |
| US | 161.31.255.125:80 | tcp | |
| CA | 75.119.236.3:80 | tcp | |
| US | 68.111.254.107:443 | tcp | |
| US | 135.14.84.32:80 | tcp | |
| CN | 122.138.185.197:443 | tcp | |
| DE | 141.67.24.200:80 | tcp | |
| US | 19.103.238.112:80 | tcp | |
| CA | 131.195.100.68:80 | tcp | |
| US | 167.224.18.10:80 | tcp | |
| TR | 176.235.87.16:80 | tcp | |
| US | 15.233.96.204:80 | tcp | |
| IR | 176.65.211.236:80 | tcp | |
| JP | 126.93.172.152:80 | tcp | |
| US | 73.227.175.9:80 | tcp |
Files
memory/2516-42-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/2516-43-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/2516-44-0x0000000140000000-0x00000001405E8000-memory.dmp
C:\Users\Admin\Desktop\00275\HEUR-Trojan-Ransom.Win32.Agent.gen-0c652a4108820f8b448d92cd5881ae30d85267e5a3c139881c89cc1735cd9767.exe
C:\Users\Admin\Desktop\00275\HEUR-Trojan-Ransom.Win32.Agent.gen-9a370a5b9fc8c3928f0d9e3881db4b79a1f020c2ff042d3ef9f9672f22ac9316.exe
| MD5 | c44e3c2a4b78303640f92023ba726212 |
| SHA1 | d956e7910e0ad8eb3ff126397b063b06ab03ac77 |
| SHA256 | 9a370a5b9fc8c3928f0d9e3881db4b79a1f020c2ff042d3ef9f9672f22ac9316 |
| SHA512 | fb1a91ecd2141aa24c2b5be5bb6b7d16e4b84706db40d3216de386a5676495e46f6a9552c9931ef21eba6f94a4130b63f8334dc27b23237caf500b8eb76c7336 |
C:\Users\Admin\Desktop\00275\HEUR-Trojan-Ransom.Win32.Agent.gen-2f5776b368011a76db2c690252846d0e3a90ccd27d9575e015663cebaf58db23.exe
| MD5 | ef419cf15311411266129f20f6b5a613 |
| SHA1 | ee94b1aa2578519c13d40101895d72054e048930 |
| SHA256 | 2f5776b368011a76db2c690252846d0e3a90ccd27d9575e015663cebaf58db23 |
| SHA512 | e06fdd69e99ceb9691e7b3f7d5f827adf95e56a7272c75ce3eb4bcb50832bcd598df2e1ee6f55f1290df2fce0517f6a90ff8b8dd3192d57284efc1d092ec98d9 |
C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Bitman.qmf-88491874dceb0139df6807591535dbfb39807af6a35b834288a3864164ec128f.exe
| MD5 | 24bd225cabc59a5b95ffac6b730831f1 |
| SHA1 | 5e5c99c5d76b0c5cb1825e36270c28c5282b7801 |
| SHA256 | 88491874dceb0139df6807591535dbfb39807af6a35b834288a3864164ec128f |
| SHA512 | 591027c23f24013ab660c04f02a6ff8cd7ac9e6371cd39028b28eede0f4aeb21e9fb55971a51c685e96a57f502ba1fc0ef4ec23c2c440e5e7fd46a40b554e433 |
C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Blocker.meia-f2ec1dfc582bd19a59866f0c7d3f8d965d90330a12ea526069739b5ae85a4ad0.exe
| MD5 | 80f2c45c6c63723490d056745311af48 |
| SHA1 | dd9aaf917bb8a6a55d711f83c628f83b1332f441 |
| SHA256 | f2ec1dfc582bd19a59866f0c7d3f8d965d90330a12ea526069739b5ae85a4ad0 |
| SHA512 | b223da8dca41e365b588e88a86fc0f70cd0cbf7a68b59e471cb0ccbebd2968483fd1dde60894c64b0e9358da5b565e9169e545d632d40d79149d405a6a47236e |
C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Foreign.gxos-e1331443022e01a46ecea061403318ec84dd1747430e2cc98accb67fe44b58e8.exe
| MD5 | 5d15839404b06e18b939bf2a8bd05dba |
| SHA1 | 446a47fc55e2eb128c5ab36c9e32e9adf2dfc9d8 |
| SHA256 | e1331443022e01a46ecea061403318ec84dd1747430e2cc98accb67fe44b58e8 |
| SHA512 | 11526ad5ff56fbbd7b70a1297dfae3856b57f9e7c8ca9670222993c6f4ac11f98606328b98038030240b98c798068526d49435c1af8dca1c99556184857f5114 |
C:\Users\Admin\Desktop\00275\HEUR-Trojan-Ransom.Win32.Blocker.gen-92ac6be4d9215b237d624177ca0543844d0dc8d071660ae4a4cf7c93cc11505b.exe
| MD5 | 8434eea972e516a35f4ac59a7f868453 |
| SHA1 | 39eff0a248b7f23ee728396968e9279b241d2378 |
| SHA256 | 92ac6be4d9215b237d624177ca0543844d0dc8d071660ae4a4cf7c93cc11505b |
| SHA512 | 308160a34f7074f9a8178ce8ba37f155ba096c7448bc5cd0e9861788e158d2eacdbb329f716bc1b6935db9b26c0bcb9aca23966c73e4114c8ea92e6f53d77348 |
C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Crypmod.xbb-315f369efc70c440c9e128dceedb0390270f2e9be18bfee589bedf7b00bd2cac.exe
| MD5 | c0873e0209c7aafbbeb0bedee7f06fe0 |
| SHA1 | f17f0cd0bf92f5b5fb9f23db44495f0ee65d45c8 |
| SHA256 | 315f369efc70c440c9e128dceedb0390270f2e9be18bfee589bedf7b00bd2cac |
| SHA512 | ef85aeda5cb7460cb9603498f88b8e3099abe2120b75679cf7754cfb0ac04da14069e1c33f718cddec51969ae237e4136dc051904dcb907d7e98e7c39676c2bc |
C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Blocker.drxt-d083c4fa5a88432fc013db0ac1f22a01c0ec0b4725c27bf5cfb7b8d3099fd9ac.exe
| MD5 | 44e3ba7a05be9a34603caac43a69beba |
| SHA1 | 159cead7f4ec7ba60d1d06e0a51c62acddc2f295 |
| SHA256 | d083c4fa5a88432fc013db0ac1f22a01c0ec0b4725c27bf5cfb7b8d3099fd9ac |
| SHA512 | fb87a7e9e9905c01200437579f590262cb9823f94cc2d496a30c70694c8be0f25fef6dae5cd1345bd5d52261090efc3999be1fccd15c0e5b58c7ab8e60ff1329 |
C:\Users\Admin\Desktop\00275\HEUR-Trojan-Ransom.Win32.Zerber.gen-2aa775cfaf4a849779153df2ea1d7e513a60e629a38f43487491fa3d5d29773d.exe
| MD5 | c1f3c283a3831372839505b1ae8be1c0 |
| SHA1 | dcd4fe7084e1eee57b224c2f5c521bd0800a2e1a |
| SHA256 | 2aa775cfaf4a849779153df2ea1d7e513a60e629a38f43487491fa3d5d29773d |
| SHA512 | cdd009ced6f2d82af3d484354fb304f620f34b33e03905cd80350e0641adb1976926a21f0fdf456d77f0b75992efd4172c5e9cb1f2b6bd8b25917e30a02b74c3 |
C:\Users\Admin\AppData\Local\Temp\feed
| MD5 | f08784b01f10e5e081a39dde42a9a108 |
| SHA1 | 8af0854ba8735a49c53b74a0959406696ba8cf03 |
| SHA256 | f6a53634450f584cfe2d6f01156dcdf91f09f83c81479c3e3b966d84ac79016e |
| SHA512 | aed1d371c4c513cf649c9d96b20ee2bac7bf76950a4e5d6b57194cbacaf94e5a56e89a7bbcc8fab68e52baae44cfbe0fda0e4ece16af6bd5ce36a68e62e138e6 |
C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.GenericCryptor.ilm-130901fab52c6cd7fee0a2e1776aa9938874cad922aa431ea9e2f21b9f0b3724.exe
| MD5 | 9c73dfc02bf01fc1da8efc349d23646b |
| SHA1 | 5807a387860f7a93e848fa121efed2707cf011f9 |
| SHA256 | 130901fab52c6cd7fee0a2e1776aa9938874cad922aa431ea9e2f21b9f0b3724 |
| SHA512 | ec51d28567cfdbbd7f712d3063ec856f36ffdc12314ca7aba819086d17a447a2e6900f8e71bfb2b0255e4497458d3220e83138d76dae322b7da3c704bdeaf8a7 |
C:\Users\Admin\Desktop\00275\HEUR-Trojan-Ransom.Win32.Generic-ee44be57270954cc60c1d2bb3cd678019e20aa43e84c8e457a4803519e8528ad.exe
| MD5 | a2646cc12e1d563eef14bfe63ca1c405 |
| SHA1 | dbbcc35cec959a26ccaa94db23edbdd16b95f297 |
| SHA256 | ee44be57270954cc60c1d2bb3cd678019e20aa43e84c8e457a4803519e8528ad |
| SHA512 | ee0b3bd29c43ca8bacba897b70b0ac3bc4b32917e9c640a20a5e9c2e7aa5619325125f800bdf2fc5c49488682f382b1c181aeb1df22de59b17c72586c075a203 |
C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Locky.wze-5c6f7b9de14d59d19d62dc147dab0337d5b19d77fd31abe47f7fcae17d3a3fc5.exe
| MD5 | e01381bb15a041edf46d58cf4e8dd528 |
| SHA1 | d426a2f1797f2de21d9e93bd734403b9b37c2b97 |
| SHA256 | 5c6f7b9de14d59d19d62dc147dab0337d5b19d77fd31abe47f7fcae17d3a3fc5 |
| SHA512 | 3204bd1c2fdf0ea15cdd3e29a27eea6d91644ffb16e4dba183ea984c5cce84d330d18921f7d68e61fb1bee793022cbd541a97cc0567cd7efba48ad049bcd27dc |
C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Locky.dlx-5da789e775061401f4044aab9818d7094f2e3f95256b540840a85e2842b15f22.exe
| MD5 | 65823444bcf0839e39ba456dcf8ddd3f |
| SHA1 | 5dcac05646046371ba507a1cae9eec6c653b22ee |
| SHA256 | 5da789e775061401f4044aab9818d7094f2e3f95256b540840a85e2842b15f22 |
| SHA512 | 56d90f07a8ef3711e64738eed80886196b4b34c3ab5168ec69db8d84a4f75ddb85f27ef5352274a2dc749800e6a05c577f3706f11205885cf8ce36097d611ba0 |
C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Locky.wyc-1fc261dabeba15e8e5f5495fbb519847e7783e15501cf6e802eaa9ac7c19c3ea.exe
| MD5 | 8559c06a20d5a65d0f026e800496e88c |
| SHA1 | 52d2db5d99acd2dcb07026fb6fc3a7b517371f88 |
| SHA256 | 1fc261dabeba15e8e5f5495fbb519847e7783e15501cf6e802eaa9ac7c19c3ea |
| SHA512 | c9e199b41b3b6c3182242af5918227b20f514d9c7eaeddca3093e5a2a8b7e2b05f30dfa45a2e76b4497a589a07e80e640a71897b9368b9afcb85e96b7c0ba42a |
C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Foreign.njhp-b2925170efd2cc372b8e3b5c64938b49362c4d325d2e511031ab070e264e8011.exe
| MD5 | ce9a6403172efff38e0ed802e48a4650 |
| SHA1 | 3ff957e51cd573b4855e35db832e0d2c2d1a5463 |
| SHA256 | b2925170efd2cc372b8e3b5c64938b49362c4d325d2e511031ab070e264e8011 |
| SHA512 | be165ed3d59222b2642d8370146e7e3cdcd7724071f9f27321a878f51fc4a0b86ca08944fc238c85d5d3c1cc34bf928eb5347e9231a27101cdbd61f773012839 |
C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Locky.gn-7bb2e629f366f938cc2d6778804f413a372ddd3ce9637e17205e0961e4e1ec8d.exe
| MD5 | 197a98dd6fc4b06da146fdc83fece4a3 |
| SHA1 | 8c37f9890755e441bdb14bb3d7e6ab327d44ebce |
| SHA256 | 7bb2e629f366f938cc2d6778804f413a372ddd3ce9637e17205e0961e4e1ec8d |
| SHA512 | 7fa13d1ceba08b08b91611882b5409b16d02a5bfc7e9eadfd93253e8f49cd395972e04ca58a06c6191f257abcd1714bbb7cf6bea1de531455c1c7babff3c1281 |
C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Zerber.ewgz-6612323db1ef26c1813c35d4c1d8f6983c7aac7a6acc160c33f27e5f670288fc.exe
| MD5 | dc78f318817ac2c51bd35b2294ccb168 |
| SHA1 | 4b62f6cb787f126d2f9b3d436cbda694c9edced7 |
| SHA256 | 6612323db1ef26c1813c35d4c1d8f6983c7aac7a6acc160c33f27e5f670288fc |
| SHA512 | 39753fadb8edc9d1402bcd47b0c2a886b446f98618da49f08c12ca309c5cdab0ae81a715b3b26a0661499d958f106b16f2f7b5c36ac28ff27c36c7ac1852e603 |
C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Purga.p-f057cdee05e945771df9d7d9499a9172e0ee59175c9306ac2250ca751a5fc66b.exe
| MD5 | 3e93fe3e8b7e102d64751f0ca48b3b17 |
| SHA1 | b96e0d7cc0663d1de029195a91fad58eae4787ad |
| SHA256 | f057cdee05e945771df9d7d9499a9172e0ee59175c9306ac2250ca751a5fc66b |
| SHA512 | 7b0346233d87024dc5fcea18e2f204d9a45c838f303d384678df52fe9a02730f2a5a7d2e75815a1cc1cfa43e8768a8a5396bb1dd9017543d1f229ee454d20990 |
C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Rack.gvy-a1f0617c44fcd4794a06b1b8bad5a133b0c9bcc177dd11546ca38016c8bb6488.exe
| MD5 | fcbf90c72794f64d5fe87ab4b824f9c5 |
| SHA1 | 416330ab9b587bafa01f213d200791837659995c |
| SHA256 | a1f0617c44fcd4794a06b1b8bad5a133b0c9bcc177dd11546ca38016c8bb6488 |
| SHA512 | f2c8d3de44a0410ce95fc90cd2c96b365d19aaaa2b5a2bbfe4bcf9ee9c409cb864114dc7e2e6b58d6547500fc526d21a5687d9c5dc1da7145fd46c61450fbf3d |
memory/2176-141-0x00000000000C0000-0x00000000000D3000-memory.dmp
\Users\Admin\AppData\Local\Temp\nse195B.tmp\System.dll
| MD5 | fc3772787eb239ef4d0399680dcc4343 |
| SHA1 | db2fa99ec967178cd8057a14a428a8439a961a73 |
| SHA256 | 9b93c61c9d63ef8ec80892cc0e4a0877966dca9b0c3eb85555cebd2ddf4d6eed |
| SHA512 | 79e491ca4591a5da70116114b7fbb66ee15a0532386035e980c9dfe7afb59b1f9d9c758891e25bfb45c36b07afd3e171bac37a86c887387ef0e80b1eaf296c89 |
C:\Users\Admin\AppData\Local\Temp\nsk1190.tmp\System.dll
| MD5 | a4dd044bcd94e9b3370ccf095b31f896 |
| SHA1 | 17c78201323ab2095bc53184aa8267c9187d5173 |
| SHA256 | 2e226715419a5882e2e14278940ee8ef0aa648a3ef7af5b3dc252674111962bc |
| SHA512 | 87335a43b9ca13e1300c7c23e702e87c669e2bcf4f6065f0c684fc53165e9c1f091cc4d79a3eca3910f0518d3b647120ac0be1a68eaade2e75eaa64adfc92c5a |
memory/2376-204-0x00000000008E0000-0x0000000000E3C000-memory.dmp
memory/1292-218-0x0000000000400000-0x0000000000452000-memory.dmp
memory/2376-203-0x00000000001C0000-0x00000000001C1000-memory.dmp
memory/2376-201-0x00000000001C0000-0x00000000001C1000-memory.dmp
memory/2376-198-0x00000000001B0000-0x00000000001B1000-memory.dmp
\Users\Admin\AppData\Roaming\Kyajyq\pyudy.exe
| MD5 | 5a9ca8f91478f67def47e7832b0554b8 |
| SHA1 | 4af261ef2d59b9cbc8e0fc90b5477ce938a04b5a |
| SHA256 | 4871aba979d8633f2704310631269e361500e5774c6da5898966c09cd0591296 |
| SHA512 | c973501e43842b7fa400ecb72e77f21aff35f191bd35c40bbe7819504509c8f5a3d43c73a17b09c5260b2a3fc431b3f67183a776f19287237973fe8501ab8e9d |
memory/2692-247-0x0000000000400000-0x0000000000439000-memory.dmp
memory/2732-250-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2732-248-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2336-256-0x0000000000400000-0x00000000004B9000-memory.dmp
memory/2388-255-0x0000000000400000-0x0000000000491000-memory.dmp
memory/1292-254-0x0000000000400000-0x0000000000452000-memory.dmp
memory/956-253-0x0000000000400000-0x0000000000494000-memory.dmp
memory/2192-257-0x00000000013D0000-0x0000000001408000-memory.dmp
memory/2276-260-0x0000000000400000-0x00000000004B9000-memory.dmp
memory/956-268-0x0000000000400000-0x0000000000494000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\5FCC\2FE6.bat
| MD5 | 9d4f8271cf008f7cebe2f6f609b35c74 |
| SHA1 | 3105fcd7324ae8d76a0cf9139460ed337229fe63 |
| SHA256 | be374d20c9a72e6d38999ef7f792c6aa62da7543e77dabb7ae2c0cf2e68d4676 |
| SHA512 | f9bdfff248fbba54cd6e090325bb375940a40a37c4487a6a555167639aad36e8918685afac52def81a8436259bed3b077cd2eb3b8b2df995f07c013dd1e3612f |
memory/2192-259-0x00000000013D0000-0x0000000001408000-memory.dmp
memory/1732-252-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1724-270-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1724-272-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2980-274-0x0000000000400000-0x0000000000452000-memory.dmp
memory/2336-251-0x0000000000400000-0x00000000004B9000-memory.dmp
memory/1088-277-0x0000000001B40000-0x0000000001B89000-memory.dmp
memory/1088-275-0x0000000001B40000-0x0000000001B89000-memory.dmp
memory/2692-246-0x0000000000400000-0x0000000000439000-memory.dmp
memory/2692-245-0x0000000000400000-0x0000000000439000-memory.dmp
memory/2692-243-0x0000000000400000-0x0000000000439000-memory.dmp
memory/2376-196-0x00000000001B0000-0x00000000001B1000-memory.dmp
memory/2776-314-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/2776-315-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/2376-193-0x0000000000160000-0x0000000000161000-memory.dmp
memory/2376-191-0x0000000000160000-0x0000000000161000-memory.dmp
memory/2376-188-0x0000000000150000-0x0000000000151000-memory.dmp
memory/2376-186-0x0000000000150000-0x0000000000151000-memory.dmp
memory/2376-183-0x0000000000100000-0x0000000000101000-memory.dmp
memory/2376-181-0x0000000000100000-0x0000000000101000-memory.dmp
memory/2376-179-0x0000000000100000-0x0000000000101000-memory.dmp
memory/2376-178-0x00000000000F0000-0x00000000000F1000-memory.dmp
memory/2376-176-0x00000000000F0000-0x00000000000F1000-memory.dmp
memory/2376-174-0x00000000000F0000-0x00000000000F1000-memory.dmp
memory/1680-164-0x0000000000210000-0x0000000000223000-memory.dmp
memory/956-134-0x0000000000400000-0x0000000000494000-memory.dmp
C:\Users\Admin\Desktop\00275\Trojan-Ransom.Win32.Locky.xaj-92863e45537aa9c1eee65bb71e9709342d35aa5d27e1a0632a07267235bd1c8f.exe
| MD5 | 480a9fb7a41ebe01de3e2dd1761e275d |
| SHA1 | e31952a06f821b846ff03a442e81834f01877c6d |
| SHA256 | 92863e45537aa9c1eee65bb71e9709342d35aa5d27e1a0632a07267235bd1c8f |
| SHA512 | a7824154688a3eb27bd24c08c58d97cd0d824bdb3d26f86786e24901489f4ecc9fdea47903447892d1072dd7b5d6a2ca023880f92e061e890289f3688d15d10a |
memory/2728-413-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/2692-392-0x0000000000400000-0x0000000000439000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\6110149a\442a.tmp
| MD5 | 3df3aef73cef3fad74a02e6ab270544c |
| SHA1 | 4ad7027c231603b3beef1d16e51d9d74a84c4b87 |
| SHA256 | 7a6e37bf64dd3a104c47a8be5035c10628e6db74a10825731e7fc0135d34e30d |
| SHA512 | 3960dfcbd08268442faa39dffafabc38b3a1d779f6bb7f4ffb17445a1828be3207695609b4485d1ad2cb371b8fd40ea823ab06ded445d6e9b7f879672e64c68d |
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\edb.log
| MD5 | 426e0843a457ea2d7c338a497f62b24f |
| SHA1 | ebb351de77820f60e67e25703e6dcabb418762fc |
| SHA256 | 8009c3b6b376a5532a44f577135263f1041ca2769cb4c8b9211230950e0a6ef0 |
| SHA512 | b839576fbc2d500767d7ed02e1fc31493589ce27708a545a6a28f4bb79529560ebd5341144c810f5a187aa65ae91d29f08e24f0ce8c3542c03da2e78e09ffc71 |
memory/2728-523-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\system.exe
| MD5 | 4e038675c3bf14d0ccfb04a70788a848 |
| SHA1 | 1a8c5083da89c09fbae3ddeda93cf06a258c849e |
| SHA256 | 2e5532802da47e2e58f35bf0ed6a19dd02897ee3167dd2be0a91b8d05eb8ee7c |
| SHA512 | 6dfc3fd1ebe8deadc4ec446481a9dc3f694faf56acfa3007a0344ce8920fa3d3d9156e11d084acf7d5e159bf75f2dd1f2d96415fb7e9ba6654abaff20f762ebc |
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+hvkav.png
| MD5 | 039b3306803aa47140808ab5db7b75bb |
| SHA1 | 520a587bbb2906486a590842414be822be128f6b |
| SHA256 | 527245d11fd14313ec3e2ce687485c815882dcaeb8cc09cce4c63a5c69ac53ff |
| SHA512 | 7990a409aac2a836be903ffe009f421f2303298274d03d7bb3bdb553ea2110e53fcc1f3f2442700dd6482c344f0d2ab4a95f530fc3d0c9aeddbfa364f3240f15 |
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_ReCoVeRy_+hvkav.html
| MD5 | fb1a211ce85c49ba2203e01cc6e09712 |
| SHA1 | bf2377ae24c2bf8d4061efaf6304de9cbe3bf69b |
| SHA256 | 067b16c460ebde4d147bb940e8e7be4636abb528061b8395e6f60c5589b93aa2 |
| SHA512 | 54ea5ed6f7e1e9b27746a31b1bf48e9da108ee014c90fe2c4c67905481235e0e78ad967b9e0f034a38c4bc023d01d50ca7427ce6d62c38f9d9427a74d9c4e2ee |
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_ReCoVeRy_+hvkav.txt
| MD5 | 326e922797f70f8b75291a21d8a9066a |
| SHA1 | ca0cd354811b253fee32dcd905c804a1b03b54a0 |
| SHA256 | f623783bbe879575dd431035dfaaa35b06bad2adefae0d386022803a399f4102 |
| SHA512 | b20fb61d0918734f9faa6b889b1d580f717d0f763a7862908e81b445851b354b8f1dfcd573e284c2ed38ef0f595df4b33fe123981709ce1e0bd29e87a4c1d547 |
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_ReCoVeRy_+hvkav.png
| MD5 | d75fddbf64a38e6b1c84815eac31bff9 |
| SHA1 | 5dfe8e77692c2bfb50eb15082cfa93000fa9ec9c |
| SHA256 | 04ddb6581c1d0f1714d7b44ed2c3c4de6dd6240e05fa4887dfa36b128085ad4e |
| SHA512 | 82f33b22d73df3f190778d3e7104de50d568834c635c6f437b4f0a388925f678ddfb102b9be7408bad4265601f47105bdd12e2ffdd9e04595d06f3bec8e4f555 |
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+hvkav.html
| MD5 | e69885a2c79b9b25cc60484245c329c6 |
| SHA1 | 305c38cec0af8977ac921f570c9169b137fca569 |
| SHA256 | c2f567a66bfe9ac6f8bd9647cd49e3e57492b1b7a6e14b871f1e54f8eab55128 |
| SHA512 | 15c77964c67ac990c3392e731600499bf66818a4d6d3c6096be0490d098d49f2e1845694a8bc3ec6ac49a02d38e5bf46906ddd43282b8884e9ce0fcbc36c11f4 |
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+hvkav.txt
| MD5 | 4786445f0ddccc0ffed87b1b31e9c144 |
| SHA1 | 1bbbdb2cdf7fd69dbe978b3993279857f39b5a52 |
| SHA256 | 00f7059d134a0c41e40bd9cd51f7bd0723c0a09f552b8d8028073a0ba25a3592 |
| SHA512 | 113c166deee2e04383e82c2622f80c74f33e0eaa8b198228df13d8950821ea713d9d6e0c11a36febaa3a30958945466be2d62f407dba274294287db8e8ce392b |
C:\Users\Admin\AppData\Roaming\WipeShadow.exe
| MD5 | 3e1050e1fd69a19b9d0505cca823668e |
| SHA1 | 61fee51de33081af6b6c33e3176b90c3c7a7a78a |
| SHA256 | bd89d7854a176e7240f637989a5ca3eec4a257bde7ea0a78c4b2aca9ff5fc661 |
| SHA512 | fb4513a2ae7da79d00d8c87a8b8533dcaf307a22ecd3591013eb86d756cafae620c12f68130dfac2ab0dc4b7f66ccef34510ed93012811e67acec2b41ec8aaba |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Custom.theme
| MD5 | 985d0a50af86c67900db5912712125ab |
| SHA1 | 2f6135abb148a7b09c85c590ea8893c0f7681496 |
| SHA256 | a7925faf4746092ae136c610859c8babe8035895561db6f78a8f2af085b7b5a1 |
| SHA512 | a42e291e06d9098dcde54b3cac8006bf58082ee24372ee13bc415165f0d1f763ff2ab04b6c37d922735c5932fd47069f603d6318bccc8d6decb636bd2d2edc91 |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
| MD5 | e4823cebf789f990c92b06a8a9715732 |
| SHA1 | c5d8afbd55fc351295deff55ac837b2a7fca730d |
| SHA256 | 51a176e6851725211de36a6931404817468d07bf913e567544f98431e10c7d57 |
| SHA512 | 9b5d0bb95356e6caf8737e6f95aa810808c8c44fe2e4ecaba430e2fc5446084005c8364fe5e86bdef347851147302144e55478ffcac8a86b58cfcdda95ed1e3b |
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt
| MD5 | 8482b09dacb34b1632f7cfa8f20e16af |
| SHA1 | 87a7ff4da58086487665d5167eadfae96388f16f |
| SHA256 | 2a03429fe0411d3254fc8291d08ebb1224001c87ea57cc9e3dcaae70bd38eca5 |
| SHA512 | f823c4e8b0b484d412d0187ab7ceeef00f208fdaa6e09e06f791e5866cf0019b0ce213f9939be552c31dec5ca0287f986b4a203ec7f39534bbf8bdcf5c28de20 |
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt.mp3
| MD5 | b413e0a2b3479c35aff2c8dca4186681 |
| SHA1 | ae17f18fbdfa3bd6f5eaf8492599dfcfc0397206 |
| SHA256 | a90e77a271671b3c02eb93d7dea809177709eee2ad515355127abba358ecd3fc |
| SHA512 | c2ae0d4255f5d7a7996dd4d5f97eae1fda06f7c11b53e7e6a8e6812a660b257603cd18293c9a7e302cc3505463d019f2dbfebb48520cd58b46c5a449e3efc556 |
C:\MSOCache\All Users\OSIRIS-aea2.htm
| MD5 | e685d42869b73cfef79971069c1e9710 |
| SHA1 | 172507d67cfe3ff31edbe0c63975627894241dfe |
| SHA256 | bea3c79b52f4c869269112489a548a265a32b6332a2770bd78fff8ae3cd1cdfd |
| SHA512 | dc44be08e01910e1496991c1a7484623e4fdba82bbbf934a12761e733ca8c9af0dd48adc95dc73b3a8003d041540257d987acfdc1a7e6cf60a69632804a11ebe |
C:\ProgramData\Adobe\Updater6\OSIRIS-c08c.htm
| MD5 | f3de7ec98551e8227b8cdd142997260a |
| SHA1 | 2771451e3d90b1d8afff70478d466ee6e5d84438 |
| SHA256 | 0b8972fd8992aa2b8bc31ffdd36202d0a395c99658642e7bf652cecc922c4fad |
| SHA512 | 0bdb4f7cf2002f81d0e69b47e10374f968e05665f983db6b6723ab44279b48866c28835b297812a93babecfa23fd773700f8988b4e93f1c9486b37f311cd0dab |
memory/2692-5199-0x0000000000400000-0x0000000000439000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Custom.theme
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Custom.theme
| MD5 | 6aa5baa89267018974f26f306031cb92 |
| SHA1 | 589687a767ee140b75ea74e43927ebaec563c264 |
| SHA256 | dab75cdbe5f967be898fff071ef2536058bbf74d5d6a6950e744d7146c2cd7c6 |
| SHA512 | 16de35588903d3243f9230e5348806b6294f43f9f52b80e82714bd56601acb993550160aa6cf89737e64597fff262e97679b06b89a1a846c08cb35e0dba87270 |
C:\Users\Admin\AppData\Local\b8cbea\bab445.bat
| MD5 | bc3f473e49daa90e9b97f28176fa7f9b |
| SHA1 | 3ebfa725afc563327a8b6fd92b00c86090108805 |
| SHA256 | 8da47a250e1002d4227e4205504ffb3019cb7bd0828007e726162f641aaa65d2 |
| SHA512 | ceb8bdb4f3db8ceed1a6c80824a998bd47b9cf49d7437e362cb489592a5466ecc8a95e8a871c85e9c8a3a1b1ad4c5bdccd985bc6542c1fa25bbedbbb288d3ed4 |
C:\Users\Admin\AppData\Local\b8cbea\8fa4c6.fbfb99f
| MD5 | 0673194556a94d59ad7ff7c2de17b328 |
| SHA1 | 572a322e77b364d4550ff26a329ea3c314e44b0e |
| SHA256 | b7550a65d9e8916bfc6aa37e8ecbfa10ab187d9679017697ee7ced6d87a57fec |
| SHA512 | 91e0ca587ee4a00a8258e03bf8b14d61c239272a7e5aa1004e6e67f4eb3b04d9660a8d0ecbb94b95b8817f9452520533814d53df9844f3ad5c0c58dd2d9916a0 |
C:\Users\Admin\AppData\Roaming\d734ec\a03172.fbfb99f
| MD5 | 6b10047e7b75b63084fda3c043f0f2a8 |
| SHA1 | 871ccb9313e76d873b2d6509c207e43d7ff054c4 |
| SHA256 | fdb1470bbfb0f61b4d6958da4cfd610ced92976ac0971018ecedb75adfc7988a |
| SHA512 | 2b05b056fd3d0fdfd5c4cb881f09cd4aa0308e8b1f44d39008ff26c1c5a3154fa60471b7f8a07e5b925304e3c90d03bc1c88fa13c147e2238a3f36600c662983 |
C:\Users\Admin\AppData\Local\b8cbea\f3f5e8.lnk
| MD5 | 34073f834f60afb31ef02f0cec4d50c7 |
| SHA1 | c903dba3a817e84986661329db3ce3473fbd90ad |
| SHA256 | 379fde9e5adb015125d554b6dbfcbda507ce3060c6638797f64cebff7ca14b85 |
| SHA512 | 46b76c482f6fa6811e663b1656ae3bec640afd654a7a4a9ecf7fa2734220ff41a63072e7d8030f46c8a5235518d2ec9764ed202143afe6d518e2a8043934f416 |
C:\Users\Admin\AppData\Local\Temp\~DFC0F0986D2C4E8527.TMP
| MD5 | 67ca3880ca189200147f1fd7bc622c72 |
| SHA1 | 81a5f8de5b502a4a515181018b5d76c9e5bba746 |
| SHA256 | 526a87bc711dea2fbc10943f750169b48730e3ccdea610f48f30cc8eb768f456 |
| SHA512 | 8c5ad75c369e92cdf5fce3244164575eff527cda54df79d20c881bf2e516ba6e2f760225ed109cd0585d19a08bba8120982b19f9b8ac4be830b1b29119a692a2 |
C:\Users\Admin\AppData\Local\Temp\Cab3B9.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar458.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | ab8b0508b3b2469cfc41f66664d7d7bb |
| SHA1 | af094af3b42919f7f029550b17a140b20f79176c |
| SHA256 | f46702cc2d0aae1366dad7367c3296524bf02532e1c79a28c95cef2fea53963b |
| SHA512 | 2bc3f8766fb4f44823c3cf793d3076e024dfb0ddead3c837c1fa25e2f4a9f5cdb14abbc6b64e79cd45f215667a71c36413342cdbbb8c7b8501e3ecb2a2fc8213 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b9f1b9cbaaf96604dde926fe40e9e384 |
| SHA1 | 571e7e6f3f655a262c7e0ae2cfa62cf9bfad9ff5 |
| SHA256 | 1f38c6581ae718eba8550d9387585e2c8f5d322b704e952b5278e1af1e9a87f5 |
| SHA512 | 87da4265baa38b59ff2d99f98bd154c3c9eb48962dc2ac270b226675bb7654812af394b80e486bd5593a06b36d9c1432776e8176d5eb1bcb929ada5fcf34468a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a705757c7e4a0c7299137763f9a50508 |
| SHA1 | adc3b4030dd1b26a53fefa6a0a2203f905e5690e |
| SHA256 | f49264c905b2680e242801b87cfa72c253d3658642312ed77f94f446cd7b036b |
| SHA512 | 66bbe119dcfeb395ab1ed52a1d2588186657a74d19f0fc7c38a6a1832e7afb7025ecaec96eb42370ac0002e9f94cc1cfd6d4ca852aa5188509952d8261ce4758 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4ceea4a6a931ecfb4987b728be010c06 |
| SHA1 | 35af69d5579bcf51a1af167f55d5ca94b4255e32 |
| SHA256 | 39a78abe0211a28dbab28f3d8e85f39aa4a98a2bfe91874cfbcf136216e25ecb |
| SHA512 | 43fc60fea4304c84363b3e0a9a2a0331082678bb08827b2b491b5a1537eabcfdb25a12265060933a9e4a31c0c47713ef249f759ce25a74d0e25bfc3c6fc8c3e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fa8ef07a63554e2b118ccb37b1335bb5 |
| SHA1 | ab613b618a0359e4c9fb6e820899bca57ef00f2e |
| SHA256 | 976e721f65ae0316b23df7bf004f7f435fb76557ba6ea3642f733ec9f25ec32f |
| SHA512 | c428b363235e03c4d7ceb08930d06a9880bc49abb8956b8666dc3e0a4d70c0260d146651a49ffa1d969de26fc34551b4049f5ab2a9f1884ee4e98423f183a184 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 91b1f80c740722ddf0ec01a3bcbef4e3 |
| SHA1 | b6f0d13dfd4c276acff5c743735eed883c5eb118 |
| SHA256 | fb0a795378ad61e9c05f291ba5b827326e42ed5ee1c0c4efaab5345ec13f44ab |
| SHA512 | b646095b165bea2888370f1ea95a27ccfc2532c127acfae56a82e7902eacb476ef05b7d927cff9bc798b77616a6eb53d513dc3b2c8a2735e667a8792b307136e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6102aaa1bb48695f75968c4058baa8bb |
| SHA1 | a36d4519fa6935dd409c844bae3331acea5cf6f0 |
| SHA256 | 1ef4ab06b7f7f9b829e8e3a0f87838f253dfcb0cbe0dfec86aad2893a4b3ccd7 |
| SHA512 | 3fa0b7740b357baf184b36d8adaa2f86147ad67441d0e502f2577fa70d71a71c1cc434f6a8031acea5c3783a819815c0dc74fc100f7c196b4d8e0ba6ecbc6e8e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | f37f8d38f7c30154d4a62b050c4c402e |
| SHA1 | 2c18a453cde915710282e6bb411666a7e0d170b8 |
| SHA256 | 4345912a5ee1bd0ffaa349106dc96cc0cd4763d704e15b332ab56f088aa5aaad |
| SHA512 | 980220862747ab5586cda94aecc8949ebec2082ce9bf833b58dc7f9bb9c6ad823d1a9696f7e0426dca13469e62adefb9cb5f9c2086445aad5aecd62fd378a5f0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 14d3f2e398fa95040526e98b676c5d6e |
| SHA1 | cdd84aaeeae57f228b6a74afe16106863e6d66ff |
| SHA256 | ace341f3e6fb44a7a2953ae4eafd8d5b5acbda571bab825896708fb523b3d724 |
| SHA512 | 9d1b4fe2367e081db4b643c3523095f1c4cd205720e8c050b3867637d7724ee5f0e3f9d5276d1bd5cfe880fb72ebe3dc2150cd5ff26aa9033e7609f1d5a3ef1e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0a113514863a08de14738ac54e5d1e5a |
| SHA1 | 3de2724713c4760277fcc7ddb29f441d15b11ab7 |
| SHA256 | 72299d481ed4dc2ddf8a767daa5a5d6ba1039c744ecca64deb0df5a377b89559 |
| SHA512 | 8229675a47b4af40bd4f193232896c20e81a7c2769b4f1b96f9fc8090b0551ea01ec05f8d657ceaafc7176659b3a8c3094d5fcde3240ee96eb2f2a46c3334f51 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d9646c9b6227e053af56040dd6597e04 |
| SHA1 | b260989df391a5463b3919c63c613654cdffc4e3 |
| SHA256 | b25ecc0af3e2d5c3875d9aeca4e6f19a3960a322fbd749ca1f246db004de5675 |
| SHA512 | 8ea317cd2a18cc952681a3df6c8872d9aa17e7cbacf7b0cedf3086ee740daaec3c28c56161ffff4601fd46d223817908d9ecfd63997d99a701e377200fd2f3af |