IOC Report
Pedido de Cota

C:\Users\user\AppData\Local\tilkendelsens\disappearances\josts\Unvoraciously\hgwells.txt

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\tilkendelsens\disappearances\josts\Unvoraciously\sprogtonerne.dag

GTA audio index data (SDT)

dropped

C:\Users\user\AppData\Local\tilkendelsens\disappearances\josts\Uricacidemia.Ove

data

dropped

C:\Users\user\AppData\Local\tilkendelsens\disappearances\josts\kvantumsrabatters.Ska

Unicode text, UTF-8 text, with very long lines (3419), with CRLF, LF line terminators

dropped

https://chrome.google.com/webstore?hl=en

unknown

http://varders.kozow.com:8081

unknown

https://www.google.com

unknown

https://www.google.com/images/branding/product/ico/googleg_alldp.ico

unknown

http://checkip.dyndns.org/

132.226.8.169

https://aka.ms/pscore6lB

unknown

https://drive.google.com/

unknown

https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search

unknown

https://contoso.com/

unknown

https://nuget.org/nuget.exe

unknown

https://reallyfreegeoip.org/xml/45.92.229.138

104.21.16.1

https://apis.google.com

unknown

https://chrome.google.com/webstore?hl=enT

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

https://reallyfreegeoip.org/xml/

unknown

https://www.office.com/

unknown

http://nuget.org/NuGet.exe

unknown

https://aka.ms/winsvr-2022-pshelp

unknown

http://pesterbdd.com/images/Pester.png

unknown

http://schemas.xmlsoap.org/soap/encoding/

unknown

http://www.apache.org/licenses/LICENSE-2.0.html

unknown

https://drive.usercontent.google.com/MY

unknown

https://duckduckgo.com/chrome_newtabv20-

unknown

https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:980108%0D%0ADate%20and%20Time:%2028/03/2025%20/%2021:29:14%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20980108%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D

149.154.167.220

https://contoso.com/Icon

unknown

https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=

unknown

https://ac.ecosia.org?q=

unknown

http://checkip.dyndns.org

unknown

https://reallyfreegeoip.org/xml/45.92.229.138$

unknown

http://nsis.sf.net/NSIS_ErrorError

unknown

https://api.telegram.org/bot/sendMessage?chat_id=&text=

unknown

https://github.com/Pester/Pester

unknown

http://aborters.duckdns.org:8081

unknown

https://www.ecosia.org/newtab/v20

unknown

http://anotherarmy.dns.army:8081

unknown

http://schemas.xmlsoap.org/wsdl/

unknown

https://reallyfreegeoip.org

unknown

https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=

unknown

https://gemini.google.com/app?q=

unknown

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msiexec_RASMANCS

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msiexec_RASMANCS

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msiexec_RASMANCS

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msiexec_RASMANCS

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msiexec_RASMANCS

FileDirectory

21D7B000

trusted library allocation

page read and write

24010000

trusted library allocation

page execute and read and write

24500000

trusted library allocation

page read and write

2E70000

trusted library allocation

page read and write

24500000

trusted library allocation

page read and write

21D6B000

trusted library allocation

page read and write

8640000

trusted library allocation

page read and write

778000

heap

page read and write

21E4E000

trusted library allocation

page read and write

873E000

stack

page read and write

24500000

trusted library allocation

page read and write

24500000

trusted library allocation

page read and write

2E70000

trusted library allocation

page read and write

570000

heap

page read and write