Advertisement
threatlabz

PrivateLoader main component strings

Apr 21st, 2022
8,716
0
Never
1
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 48.75 KB | None | 0 0
  1. 0x1000144e: 10
  2. 0x10001662: Snowman+under_a_sn0wdrift_forgot_the_Snow_Maiden
  3. 0x10011ff1: CBC
  4. 0x1001fe6d: SOFTWARE\LilFreske
  5. 0x1002037a: SOFTWARE\LilFreske
  6. 0x10020777: Installed
  7. 0x1002169f: .
  8. 0x10021a17: .dll
  9. 0x10021fdf: #
  10. 0x100223fd: IsWow64Process
  11. 0x10022545: GetModuleHandleA
  12. 0x1002268d: LoadLibraryA
  13. 0x100227c9: SetPriorityClass
  14. 0x1002290e: Sleep
  15. 0x10022a06: GetTempPathA
  16. 0x10022afe: CreateProcessA
  17. 0x10022c46: GetFileAttributesA
  18. 0x10022dde: CreateDirectoryA
  19. 0x10022f26: CreateThread
  20. 0x1002301e: CloseHandle
  21. 0x10023116: VirtualAlloc
  22. 0x1002320e: VirtualFree
  23. 0x10023306: OpenProcess
  24. 0x1002344e: TerminateProcess
  25. 0x10023596: GetUserGeoID
  26. 0x1002369a: ntdll.dll
  27. 0x100237dd: NtQuerySystemInformation
  28. 0x10023928: RtlGetVersion
  29. 0x10023a2f: Shell32.dll
  30. 0x10023b3b: Shell32.dll
  31. 0x10023c33: Shell32.dll
  32. 0x10023d26: ShellExecuteA
  33. 0x10023e71: SHGetFolderPathA
  34. 0x10023fc7: Advapi32.dll
  35. 0x100240d3: Advapi32.dll
  36. 0x100241cc: Advapi32.dll
  37. 0x100242bf: RegOpenKeyExA
  38. 0x100243ba: RegSetValueExA
  39. 0x100244b5: RegCloseKey
  40. 0x100245b0: RegCreateKeyExA
  41. 0x100246ab: RegDeleteKeyA
  42. 0x100247a6: RegDeleteValueA
  43. 0x100248d6: RegQueryValueExA
  44. 0x10024a1e: RegEnumKeyExA
  45. 0x10024b4e: ConvertSidToStringSidA
  46. 0x10024ccb: LookupAccountNameA
  47. 0x10024e1f: WINHTTP.dll
  48. 0x10024f2b: WINHTTP.dll
  49. 0x10025023: wininet.dll
  50. 0x1002512f: wininet.dll
  51. 0x1002528e: GetComputerNameA
  52. 0x10025417: VerSetConditionMask
  53. 0x100255ac: VerifyVersionInfoW
  54. 0x100256f4: GetGeoInfoA
  55. 0x1002583c: GetCurrentProcess
  56. 0x10025984: GetVersionExA
  57. 0x10025acc: MultiByteToWideChar
  58. 0x10025c64: WideCharToMultiByte
  59. 0x10025dfc: GetCurrentProcessId
  60. 0x10025f94: CreateToolhelp32Snapshot
  61. 0x100260dc: Process32First
  62. 0x100261d4: Process32Next
  63. 0x10026301: Wow64DisableWow64FsRedirection
  64. 0x1002647b: Wow64RevertWow64FsRedirection
  65. 0x100265cc: User32.dll
  66. 0x100266d7: User32.dll
  67. 0x100267ca: CharToOemA
  68. 0x10026a2f: null
  69. 0x1002777c: //Adobe Films
  70. 0x10027b62: SOFTWARE\Policies\Microsoft\Windows Defender
  71. 0x100280a5: DisableAntiSpyware
  72. 0x10028626: DisableRoutinelyTakingAction
  73. 0x10028f19: SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
  74. 0x100294c1: DisableBehaviorMonitoring
  75. 0x100299a1: DisableOnAccessProtection
  76. 0x10029c97: DisableScanOnRealtimeEnable
  77. 0x1002a0f2: DisableRealtimeMonitoring
  78. 0x1002a6dd: DisableIOAVProtection
  79. 0x1002aab0: DisableRawWriteNotification
  80. 0x1002c2cb: Windows Server 2016
  81. 0x1002c5e5: Windows Server 2012 R2
  82. 0x1002c8fe: Windows Server 2012
  83. 0x1002cbf4: Windows Server 2008 R2
  84. 0x1002cf95: Windows Server 2008
  85. 0x1002d0d9: Windows Server
  86. 0x1002d47f: Windows 10
  87. 0x1002d79d: Windows 8.1
  88. 0x1002da11: Windows 8
  89. 0x1002dc9d: Windows 7
  90. 0x1002df1c: Windows Vista
  91. 0x1002e018: Windows XP
  92. 0x1002e173: (x64)
  93. 0x1002e228: (x32)
  94. 0x1002e52d: rb
  95. 0x1002ede3: explorer.exe
  96. 0x1002efc8: pid
  97. 0x1002f0bf: path
  98. 0x1002f2a2: md5
  99. 0x1002f391: current
  100. 0x1002f4dd: children
  101. 0x1002f61b: children
  102. 0x1002fdec: SOFTWARE\Classes\ms-settings\Shell\Open\command
  103. 0x100302be: DelegateExecute
  104. 0x10030941: \ComputerDefaults.exe
  105. 0x10030aa5: rb
  106. 0x10030c63: open
  107. 0x10031136: SOFTWARE\Classes
  108. 0x1003156b: ms-settings\Shell\Open\command
  109. 0x10031723: ms-settings\Shell\Open
  110. 0x100318db: ms-settings\Shell
  111. 0x10031a42: ms-settings
  112. 0x100322c6: CBC
  113. 0x10032641: data=
  114. 0x100328e2: /base/api/getData.php
  115. 0x100329f4: http://
  116. 0x10033631: |
  117. 0x100336f0: |
  118. 0x100337af: GetLinks|
  119. 0x10033a48: Error!
  120. 0x10033d71: id
  121. 0x100340bb: url
  122. 0x10034405: args
  123. 0x1003475e: type
  124. 0x100348a6: onlyType
  125. 0x10034fd3: |
  126. 0x10035092: |
  127. 0x10035151: GetExtensions|
  128. 0x10035429: Error!
  129. 0x10035836: id
  130. 0x10035948: ext_url
  131. 0x10035c92: cfg_url
  132. 0x10036652: ipinfo.io/widget
  133. 0x10036a76: country
  134. 0x10036b9e: country
  135. 0x10036ca8: company
  136. 0x10036de8: company
  137. 0x10036ec8: name
  138. 0x10037003: Google LLC
  139. 0x1003715b: company
  140. 0x1003723b: name
  141. 0x1003757c: db-ip.com
  142. 0x10037740: data-api-key="
  143. 0x100378e2: /self
  144. 0x10037a06: api.db-ip.com/v2/
  145. 0x10037eb0: countryCode
  146. 0x10037fd8: countryCode
  147. 0x100380e2: organization
  148. 0x10038211: Google LLC
  149. 0x10038351: organization
  150. 0x10038809: www.maxmind.com/geoip/v2.1/city/me
  151. 0x10038aac: country
  152. 0x10038bd4: country
  153. 0x10038d14: country
  154. 0x10038df4: iso_code
  155. 0x10038f40: country
  156. 0x10039020: iso_code
  157. 0x10039136: traits
  158. 0x10039276: traits
  159. 0x10039356: organization
  160. 0x10039491: Google LLC
  161. 0x100395ea: traits
  162. 0x100396ca: organization
  163. 0x100399bc: GetIP
  164. 0x10039abc: IP:
  165. 0x10039bb9: IP:
  166. 0x1003a09b: api.ipgeolocation.io/ipgeo?include=hostname&ip=
  167. 0x1003a433: country_code2
  168. 0x1003a55b: country_code2
  169. 0x1003a665: organization
  170. 0x1003a794: Google LLC
  171. 0x1003a8d8: organization
  172. 0x1003d464: rb
  173. 0x1003da18: wb
  174. 0x1003f5d7: Guest Profile
  175. 0x1003f716: System Profile
  176. 0x1004021a: \Google\Chrome\Application
  177. 0x1004044a: (x86)\Google\Chrome\Application
  178. 0x1004066d: \Google\Chrome\Application
  179. 0x1004083d: (x86)\Google\Chrome\Application
  180. 0x10040b93: SOFTWARE\Google\Chrome\BLBeacon
  181. 0x10040e7a: version
  182. 0x10040fcd: \resources.pak
  183. 0x100410b9: \
  184. 0x100413fd: SOFTWARE\Google\Chrome\PreferenceMACs
  185. 0x100416c5: \Google\Chrome\User Data\
  186. 0x10041992: \Secure Preferences
  187. 0x10041f0a: filter_browsers
  188. 0x1004205d: filter_browsers
  189. 0x10042227: chrome
  190. 0x10042318: browser
  191. 0x1004257b: filter_browsers
  192. 0x1004274c: use_open_browser
  193. 0x10042938: use_open_browser
  194. 0x10042b1b: use_open_browser
  195. 0x10042cec: extensions
  196. 0x10042dcc: settings
  197. 0x10042f38: extensions
  198. 0x10043018: settings
  199. 0x1004311c: install_time
  200. 0x100432ef: extensions
  201. 0x100433cf: settings
  202. 0x100434d3: path
  203. 0x100435d7: \Extensions\
  204. 0x10043717: \/
  205. 0x100439ae: extensions
  206. 0x10043a8e: settings
  207. 0x10043bc4: \u003C
  208. 0x10043cb6: <
  209. 0x10043e51: protection
  210. 0x10043f31: macs
  211. 0x1004401d: extensions
  212. 0x10044109: settings
  213. 0x100442a4: extensions.settings.
  214. 0x100444cf: protection
  215. 0x100445af: macs
  216. 0x1004469b: protection
  217. 0x1004477b: super_mac
  218. 0x10044941: chrome.exe
  219. 0x10044ff4: extensions
  220. 0x100450d4: settings
  221. 0x10045228: extensions.settings.
  222. 0x100453e0: ChromeRegistryHashStoreValidationSeed
  223. 0x10045873: \extensions.settings
  224. 0x10045a58: SOFTWARE\Google\Chrome\PreferenceMACs\
  225. 0x10046881: \chrome.exe
  226. 0x10047039: \Microsoft\Edge\Application
  227. 0x10047259: (x86)\Microsoft\Edge\Application
  228. 0x1004747c: \Microsoft\Edge\Application
  229. 0x1004764c: (x86)\Microsoft\Edge\Application
  230. 0x10047acf: SOFTWARE\Microsoft\Edge\BLBeacon
  231. 0x10047e06: version
  232. 0x10048077: SOFTWARE\Microsoft\Edge\PreferenceMACs
  233. 0x1004833f: \Microsoft\Edge\User Data\
  234. 0x10048521: \Secure Preferences
  235. 0x10048a84: filter_browsers
  236. 0x10048bd7: filter_browsers
  237. 0x10048da1: edge
  238. 0x10048e92: browser
  239. 0x100490ea: filter_browsers
  240. 0x100492bb: use_open_browser
  241. 0x100494a7: use_open_browser
  242. 0x1004968a: use_open_browser
  243. 0x1004985b: extensions
  244. 0x1004993b: settings
  245. 0x10049aa7: extensions
  246. 0x10049b87: settings
  247. 0x10049c8b: install_time
  248. 0x10049e5e: extensions
  249. 0x10049f3e: settings
  250. 0x1004a042: path
  251. 0x1004a146: \Extensions\
  252. 0x1004a286: \/
  253. 0x1004a51d: extensions
  254. 0x1004a5fd: settings
  255. 0x1004a733: \u003C
  256. 0x1004a825: <
  257. 0x1004a9c0: protection
  258. 0x1004aaa0: macs
  259. 0x1004ab8c: extensions
  260. 0x1004ac78: settings
  261. 0x1004ae13: extensions.settings.
  262. 0x1004b03e: protection
  263. 0x1004b11e: macs
  264. 0x1004b20a: protection
  265. 0x1004b2ea: super_mac
  266. 0x1004b4b0: msedge.exe
  267. 0x1004bb63: extensions
  268. 0x1004bc43: settings
  269. 0x1004bd97: extensions.settings.
  270. 0x1004bf4f: ChromeRegistryHashStoreValidationSeed
  271. 0x1004c285: \extensions.settings
  272. 0x1004c46a: SOFTWARE\Microsoft\Edge\PreferenceMACs\
  273. 0x1004ce8e: \msedge.exe
  274. 0x1004d2bd: \Roaming
  275. 0x1004d3ba: \Roaming
  276. 0x1004d4cf: \atomic
  277. 0x1004d615: \Atomic Wallet
  278. 0x1004d7ab: \com.liberty.jaxx
  279. 0x1004d941: \Electrum
  280. 0x1004da87: \Exodus
  281. 0x1004dbcd: \MultiDoge
  282. 0x1004dd13: \Exodus
  283. 0x1004de59: \Monero
  284. 0x1004df9f: \binance.chain
  285. 0x1004e0e5: \Binance
  286. 0x1004e22b: \Metamask
  287. 0x1004e55b: SOFTWARE\Google\Chrome\PreferenceMACs
  288. 0x1004e7b8: \Google\Chrome\User Data\
  289. 0x1004ea3a: \Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
  290. 0x1004ed76: \Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
  291. 0x1004f0b2: \Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
  292. 0x1004f3ee: \Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
  293. 0x1004f72a: \Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
  294. 0x1004fa66: \Local Extension Settings\fhilaheimglignddkjgofkcbgekhenbh
  295. 0x1004fda2: \Local Extension Settings\mgffkfbidihjpoaomajlbgchddlicgpn
  296. 0x100500de: \Local Extension Settings\aodkkagnadcbobfpggfnjeongemjbjca
  297. 0x1005041a: \Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
  298. 0x10050756: \Local Extension Settings\fmblappgoiilbgafhjklehhfifbdocee
  299. 0x10050a92: \Local Extension Settings\hmeobnfnfcmdkdcmlblgagmfpfboieaf
  300. 0x10050dce: \Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
  301. 0x1005110a: \Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
  302. 0x100513d9: robinhood.com
  303. 0x100514e8: yobit.net
  304. 0x100515f7: zb.com
  305. 0x10051706: binance.com
  306. 0x10051815: huobi.com
  307. 0x10051924: okex.com
  308. 0x10051a33: hitbtc.com
  309. 0x10051b42: bitfinex.com
  310. 0x10051c51: kraken.com
  311. 0x10051d60: bitstamp.net
  312. 0x10051e6f: payoneer.com
  313. 0x10051f7e: bittrex.com
  314. 0x100520dd: bittrex.zendesk.com
  315. 0x1005223c: gate.io
  316. 0x1005234b: exmo.com
  317. 0x1005245a: yobit.io
  318. 0x10052569: bitflyer.com
  319. 0x10052678: poloniex.com
  320. 0x10052787: kucoin.com
  321. 0x10052896: coinone.co.kr
  322. 0x100529f5: localbitcoins.com
  323. 0x10052b54: korbit.co.kr
  324. 0x10052c63: cex.io
  325. 0x10052d72: luno.com
  326. 0x10052e81: bitkonan.com
  327. 0x10052f90: jubi.com
  328. 0x1005309f: koinex.in
  329. 0x100531ae: koineks.com
  330. 0x100532bd: kuna.io
  331. 0x100533cc: koinim.com
  332. 0x100534db: kiwi-coin.com
  333. 0x100535ea: leoxchange.com
  334. 0x100536f9: lykke.com
  335. 0x10053808: localtrade.cc
  336. 0x10053917: magnr.com
  337. 0x10053a26: lbank.info
  338. 0x10053b35: itbit.com
  339. 0x10053c44: gemini.com
  340. 0x10053d53: gdax.com
  341. 0x10053e62: gatehub.net
  342. 0x10053fc1: satoshitango.com
  343. 0x10054120: foxbit.com.br
  344. 0x1005422f: flowbtc.com.br
  345. 0x1005433e: exx.com
  346. 0x1005444d: exrates.me
  347. 0x100545ac: excambriorex.com
  348. 0x1005470b: ezbtc.ca
  349. 0x1005486a: infinitycoin.exchange
  350. 0x100549c9: tdax.com
  351. 0x10054ad8: stex.com
  352. 0x10054be7: vbtc.exchange
  353. 0x10054d46: coinmarketcap.com
  354. 0x10054ea5: vwlpro.com
  355. 0x10054fb4: nocks.com
  356. 0x100550c3: nlexch.com
  357. 0x10055222: novaexchange.com
  358. 0x10055381: mynxt.info
  359. 0x10055490: nzbcx.com
  360. 0x1005559f: nevbit.com
  361. 0x100556ae: mixcoins.com
  362. 0x100557bd: mr.exchange
  363. 0x100558cc: neraex.pro
  364. 0x100559db: dsx.uk
  365. 0x10055aea: okcoin.com
  366. 0x10055bf9: liquid.com
  367. 0x10055d08: quoine.com
  368. 0x10055e17: quadrigacx.com
  369. 0x10055f26: rightbtc.com
  370. 0x10056035: rippex.net
  371. 0x10056144: ripplefox.com
  372. 0x10056253: qryptos.com
  373. 0x10056362: ore.bz
  374. 0x10056471: openledger.info
  375. 0x10056580: omnidex.io
  376. 0x1005668f: paribu.com
  377. 0x1005679e: paymium.com
  378. 0x100568ad: dcexchange.ru
  379. 0x100569bc: dcexe.com
  380. 0x10056acb: bitmex.com
  381. 0x10056bda: funpay.ru
  382. 0x10056ce9: bitmaszyna.pl
  383. 0x10056df8: bitonic.nl
  384. 0x10056f07: bitpanda.com
  385. 0x10057066: bitsblockchain.net
  386. 0x100571c5: bitmarket.net
  387. 0x100572d4: bitlish.com
  388. 0x100573e3: bitfex.trade
  389. 0x100574f2: blockchain.com
  390. 0x10057601: blockchain.info
  391. 0x10057710: cryptofresh.com
  392. 0x1005781f: btcmarkets.net
  393. 0x1005792e: braziliex.com
  394. 0x10057a8d: btc-trade.com.ua
  395. 0x10057bec: btc-alpha.com
  396. 0x10057cfb: bitspark.io
  397. 0x10057e0a: bitso.com
  398. 0x10057f69: bittylicious.com
  399. 0x10058118: altcointrader.co.za
  400. 0x100582c7: arenabitcoin.com
  401. 0x10058426: allcoin.com
  402. 0x10058535: 796.com
  403. 0x10058644: abucoins.com
  404. 0x10058753: aidosmarket.com
  405. 0x100588b2: bitcointrade.com
  406. 0x10058a61: bitcointoyou.com
  407. 0x10058bc0: bitbanktrade.jp
  408. 0x10058ccf: big.one
  409. 0x10058dde: bcex.ca
  410. 0x10058eed: bitconnect.co
  411. 0x10058ffc: coinsbank.com
  412. 0x1005910b: coinsecure.in
  413. 0x1005921a: coinsquare.com
  414. 0x10059329: coinspot.io
  415. 0x10059488: coinsmarkets.com
  416. 0x10059637: crypto-bridge.org
  417. 0x10059796: dcex.com
  418. 0x100598a5: dabtc.com
  419. 0x100599b4: decentrex.com
  420. 0x10059ac3: deribit.com
  421. 0x10059bd2: dgtmarket.com
  422. 0x10059ce1: btcturk.com
  423. 0x10059df0: btcxindia.com
  424. 0x10059eff: bt.cx
  425. 0x1005a00e: bitstarcoin.com
  426. 0x1005a11d: coincheck.com
  427. 0x1005a22c: coinmate.io
  428. 0x1005a33b: coingi.com
  429. 0x1005a44a: coinnest.co.kr
  430. 0x1005a559: coinrail.co.kr
  431. 0x1005a668: coinpit.io
  432. 0x1005a777: coingather.com
  433. 0x1005a886: coinfloor.co.uk
  434. 0x1005a995: coinegg.com
  435. 0x1005aaa4: coincorner.com
  436. 0x1005abb3: coinexchange.io
  437. 0x1005ad12: pancakeswap.finance
  438. 0x1005ae71: coinbase.com
  439. 0x1005af80: livecoin.net
  440. 0x1005b08f: mercatox.com
  441. 0x1005b1ee: cryptobridge.freshdesk.com
  442. 0x1005b34d: volabit.com
  443. 0x1005b45c: tradeogre.com
  444. 0x1005b56b: bitkub.com
  445. 0x1005b67a: uphold.com
  446. 0x1005b7d9: wallet.uphold.com
  447. 0x1005b988: login.blockchain.com
  448. 0x1005bae7: tidex.com
  449. 0x1005bbf6: coinome.com
  450. 0x1005bd55: coinpayments.net
  451. 0x1005beb4: bitmax.io
  452. 0x1005bfc3: bitbank.cc
  453. 0x1005c122: independentreserve.com
  454. 0x1005c281: bitmart.com
  455. 0x1005c390: cryptopia.co.nz
  456. 0x1005c49f: cryptonator.com
  457. 0x1005c5ae: advcash.com
  458. 0x1005c70d: my.dogechain.info
  459. 0x1005c86c: spectrocoin.com
  460. 0x1005c97b: exir.io
  461. 0x1005ca8a: exir.tech
  462. 0x1005cb99: coinbene.com
  463. 0x1005cca8: bitforex.com
  464. 0x1005cdb7: gopax.co.kr
  465. 0x1005cec6: catex.io
  466. 0x1005cfd5: vindax.com
  467. 0x1005d0e4: coineal.com
  468. 0x1005d1f3: maicoin.com
  469. 0x1005d302: finexbox.com
  470. 0x1005d411: etherflyer.com
  471. 0x1005d520: bx.in.th
  472. 0x1005d62f: bitopro.com
  473. 0x1005d73e: citex.co.kr
  474. 0x1005d84d: coinzo.com
  475. 0x1005d95c: atomars.com
  476. 0x1005da6b: coinfinit.com
  477. 0x1005db7a: bitker.com
  478. 0x1005dc89: dobitrade.com
  479. 0x1005dd98: btcexa.com
  480. 0x1005dea7: satowallet.com
  481. 0x1005dfb6: cpdax.com
  482. 0x1005e0c5: trade.io
  483. 0x1005e1d4: btcnext.io
  484. 0x1005e2e3: exmarkets.com
  485. 0x1005e442: btc-exchange.com
  486. 0x1005e5a1: chaoex.com
  487. 0x1005e6b0: jex.com
  488. 0x1005e80f: therocktrading.com
  489. 0x1005e96e: gdac.com
  490. 0x1005eacd: southxchange.com
  491. 0x1005ec2c: tokens.net
  492. 0x1005ed3b: fexpro.net
  493. 0x1005ee4a: btcbox.co.jp
  494. 0x1005ef59: coinmex.com
  495. 0x1005f068: cryptology.com
  496. 0x1005f177: cointiger.com
  497. 0x1005f286: cashierest.com
  498. 0x1005f395: coinbit.co.kr
  499. 0x1005f4a4: mxc.com
  500. 0x1005f5b3: bilaxy.com
  501. 0x1005f6c2: coinall.com
  502. 0x1005f7d1: coindeal.com
  503. 0x1005f8e0: omgfin.com
  504. 0x1005f9ef: oceanex.pro
  505. 0x1005fafe: bithumb.com
  506. 0x1005fc0d: ftx.com
  507. 0x1005fd1c: shortex.net
  508. 0x1005fe2b: coin.z.com
  509. 0x1005ff3a: fcoin.com
  510. 0x10060049: fatbtc.com
  511. 0x100601a8: tokenize.exchange
  512. 0x10060307: simex.global
  513. 0x10060466: instantbitex.com
  514. 0x100607af: SOFTWARE\Google\Chrome\PreferenceMACs
  515. 0x100609e9: \Google\Chrome\User Data\
  516. 0x10060b7b: \Login Data
  517. 0x10060dfb: SOFTWARE\Microsoft\Edge\PreferenceMACs
  518. 0x10061035: \Microsoft\Edge\User Data\
  519. 0x100611c7: \Login Data
  520. 0x100614a6: SOFTWARE\BraveSoftware\Brave-Browser\PreferenceMACs
  521. 0x10061780: \BraveSoftware\Brave-Browser\User Data\
  522. 0x10061962: \Login Data
  523. 0x10061bfc: SOFTWARE\CryptoTab Browser\PreferenceMACs
  524. 0x10061e36: \CryptoTab Browser\User Data\
  525. 0x10061fc8: \Login Data
  526. 0x10062329: \Roaming
  527. 0x10062426: \Roaming
  528. 0x1006257f: \Opera Software\Opera Stable
  529. 0x100626e8: \Login Data
  530. 0x10062999: binance.com
  531. 0x10062aa8: ascendex.com
  532. 0x10062bb7: kraken.com
  533. 0x10062cc6: huobi.com
  534. 0x10062dd5: coinbase.com
  535. 0x10062ee4: kucoin.com
  536. 0x10062ff3: hitbtc.com
  537. 0x10063102: gate.io
  538. 0x10063211: crypto.com
  539. 0x10063320: mercatox.com
  540. 0x1006342f: coins.ph
  541. 0x1006353e: coins.th
  542. 0x1006364d: poloniex.com
  543. 0x1006375c: bittrex.com
  544. 0x1006386b: bitpanda.com
  545. 0x1006397a: exmo.com
  546. 0x10063a89: dogechain.info
  547. 0x10063b98: luno.com
  548. 0x10063ca7: bitkub.com
  549. 0x10063db6: blockchain.com
  550. 0x10063ec5: livecoin.net
  551. 0x10064024: miningpoolhub.com
  552. 0x10064183: bitfinex.com
  553. 0x1006447c: SOFTWARE\Google\Chrome\PreferenceMACs
  554. 0x100646d9: \Google\Chrome\User Data\
  555. 0x1006486b: \Login Data
  556. 0x10064b75: SOFTWARE\Microsoft\Edge\PreferenceMACs
  557. 0x10064dd2: \Microsoft\Edge\User Data\
  558. 0x10064f64: \Login Data
  559. 0x100652c9: SOFTWARE\BraveSoftware\Brave-Browser\PreferenceMACs
  560. 0x100655c6: \BraveSoftware\Brave-Browser\User Data\
  561. 0x100657a8: \Login Data
  562. 0x10065ac8: SOFTWARE\CryptoTab Browser\PreferenceMACs
  563. 0x10065d25: \CryptoTab Browser\User Data\
  564. 0x10065eb7: \Login Data
  565. 0x1006629e: \Roaming
  566. 0x1006639b: \Roaming
  567. 0x10066500: \Opera Software\Opera Stable
  568. 0x10066669: \Login Data
  569. 0x10066959: yobit.net
  570. 0x10066a68: yobit.io
  571. 0x10066b77: zb.com
  572. 0x10066c86: okex.com
  573. 0x10066d95: bitstamp.net
  574. 0x10066ea4: bitflyer.com
  575. 0x10066fb3: coinone.co.kr
  576. 0x10067112: localbitcoins.com
  577. 0x10067271: korbit.co.kr
  578. 0x10067380: bitmex.com
  579. 0x100674df: cryptobridge.freshdesk.com
  580. 0x1006763e: volabit.com
  581. 0x1006774d: tradeogre.com
  582. 0x1006785c: uphold.com
  583. 0x1006796b: tidex.com
  584. 0x10067a7a: coinome.com
  585. 0x10067b89: bitso.com
  586. 0x10067ce8: coinpayments.net
  587. 0x10067e47: coinexchange.io
  588. 0x10067f56: bitmax.io
  589. 0x10068065: btc-alpha.com
  590. 0x10068174: bitbank.cc
  591. 0x100682d3: independentreserve.com
  592. 0x10068432: bitmart.com
  593. 0x10068541: exmo.com
  594. 0x10068650: cex.io
  595. 0x1006875f: coinbase.com
  596. 0x1006886e: cryptopia.co.nz
  597. 0x1006897d: cryptonator.com
  598. 0x10068a8c: advcash.com
  599. 0x10068b9b: spectrocoin.com
  600. 0x10068caa: exir.io
  601. 0x10068db9: exir.tech
  602. 0x10068ec8: coinbene.com
  603. 0x10068fd7: bitforex.com
  604. 0x100690e6: gopax.co.kr
  605. 0x100691f5: catex.io
  606. 0x10069304: vindax.com
  607. 0x10069413: coineal.com
  608. 0x10069522: maicoin.com
  609. 0x10069631: finexbox.com
  610. 0x10069740: etherflyer.com
  611. 0x1006984f: bx.in.th
  612. 0x1006995e: bitopro.com
  613. 0x10069a6d: lbank.info
  614. 0x10069b7c: citex.co.kr
  615. 0x10069c8b: coinzo.com
  616. 0x10069d9a: atomars.com
  617. 0x10069ea9: coinfinit.com
  618. 0x10069fb8: bitker.com
  619. 0x1006a117: btc-trade.com.ua
  620. 0x1006a276: dobitrade.com
  621. 0x1006a385: btcexa.com
  622. 0x1006a494: satowallet.com
  623. 0x1006a5a3: cpdax.com
  624. 0x1006a6b2: trade.io
  625. 0x1006a7c1: btcnext.io
  626. 0x1006a8d0: exmarkets.com
  627. 0x1006a9df: localtrade.cc
  628. 0x1006ab3e: btc-exchange.com
  629. 0x1006ac9d: chaoex.com
  630. 0x1006adac: jex.com
  631. 0x1006af0b: therocktrading.com
  632. 0x1006b06a: gdac.com
  633. 0x1006b1c9: southxchange.com
  634. 0x1006b328: tokens.net
  635. 0x1006b437: fexpro.net
  636. 0x1006b546: btcbox.co.jp
  637. 0x1006b655: coinmex.com
  638. 0x1006b764: cryptology.com
  639. 0x1006b873: kuna.io
  640. 0x1006b982: cointiger.com
  641. 0x1006ba91: cashierest.com
  642. 0x1006bba0: liquid.com
  643. 0x1006bcaf: coinbit.co.kr
  644. 0x1006bdbe: mxc.com
  645. 0x1006becd: bilaxy.com
  646. 0x1006bfdc: coinall.com
  647. 0x1006c0eb: coindeal.com
  648. 0x1006c1fa: omgfin.com
  649. 0x1006c309: stex.com
  650. 0x1006c418: oceanex.pro
  651. 0x1006c527: bithumb.com
  652. 0x1006c636: ftx.com
  653. 0x1006c745: shortex.net
  654. 0x1006c854: coin.z.com
  655. 0x1006c963: fcoin.com
  656. 0x1006ca72: fatbtc.com
  657. 0x1006cbd1: tokenize.exchange
  658. 0x1006cd30: simex.global
  659. 0x1006ce8f: instantbitex.com
  660. 0x1006cfee: btcmarkets.net
  661. 0x1006d2e7: SOFTWARE\Google\Chrome\PreferenceMACs
  662. 0x1006d521: \Google\Chrome\User Data\
  663. 0x1006d6b3: \Login Data
  664. 0x1006d933: SOFTWARE\Microsoft\Edge\PreferenceMACs
  665. 0x1006db6d: \Microsoft\Edge\User Data\
  666. 0x1006dcff: \Login Data
  667. 0x1006dfde: SOFTWARE\BraveSoftware\Brave-Browser\PreferenceMACs
  668. 0x1006e2b8: \BraveSoftware\Brave-Browser\User Data\
  669. 0x1006e49a: \Login Data
  670. 0x1006e734: SOFTWARE\CryptoTab Browser\PreferenceMACs
  671. 0x1006e96e: \CryptoTab Browser\User Data\
  672. 0x1006eb00: \Login Data
  673. 0x1006ee61: \Roaming
  674. 0x1006ef5e: \Roaming
  675. 0x1006f0b7: \Opera Software\Opera Stable
  676. 0x1006f220: \Login Data
  677. 0x1006f4c9: binance.com
  678. 0x1006f7c4: SOFTWARE\Google\Chrome\PreferenceMACs
  679. 0x1006fa21: \Google\Chrome\User Data\
  680. 0x1006fbb3: \Login Data
  681. 0x1006fecc: SOFTWARE\Microsoft\Edge\PreferenceMACs
  682. 0x10070129: \Microsoft\Edge\User Data\
  683. 0x100702bb: \Login Data
  684. 0x1007062f: SOFTWARE\BraveSoftware\Brave-Browser\PreferenceMACs
  685. 0x1007092c: \BraveSoftware\Brave-Browser\User Data\
  686. 0x10070b0e: \Login Data
  687. 0x10070e2e: SOFTWARE\CryptoTab Browser\PreferenceMACs
  688. 0x1007108b: \CryptoTab Browser\User Data\
  689. 0x1007121d: \Login Data
  690. 0x10071604: \Roaming
  691. 0x10071701: \Roaming
  692. 0x10071866: \Opera Software\Opera Stable
  693. 0x100719cf: \Login Data
  694. 0x10071cf9: etrade.com
  695. 0x10071e08: schwab.com
  696. 0x10071f17: fidelity.com
  697. 0x10072026: chase.com
  698. 0x10072185: morganstanley.com
  699. 0x100722e4: citi.com
  700. 0x100723f3: robinhood.com
  701. 0x10072502: navyfederal.org
  702. 0x10072611: ally.com
  703. 0x10072770: schoolsfirstfcu.org
  704. 0x100728cf: redfcu.org
  705. 0x100729de: mtb.com
  706. 0x10072aed: 53.com
  707. 0x10072bfc: easternbank.com
  708. 0x10072d5b: bankofamerica.com
  709. 0x10072eba: santander.com
  710. 0x10072fc9: marcus.com
  711. 0x100730d8: schools.org
  712. 0x100731e7: cu.com
  713. 0x100732f6: usaa.com
  714. 0x100735ef: SOFTWARE\Google\Chrome\PreferenceMACs
  715. 0x1007384c: \Google\Chrome\User Data\
  716. 0x100739de: \Login Data
  717. 0x10073ce8: SOFTWARE\Microsoft\Edge\PreferenceMACs
  718. 0x10073f45: \Microsoft\Edge\User Data\
  719. 0x100740d7: \Login Data
  720. 0x1007443c: SOFTWARE\BraveSoftware\Brave-Browser\PreferenceMACs
  721. 0x10074739: \BraveSoftware\Brave-Browser\User Data\
  722. 0x1007491b: \Login Data
  723. 0x10074c3b: SOFTWARE\CryptoTab Browser\PreferenceMACs
  724. 0x10074e98: \CryptoTab Browser\User Data\
  725. 0x1007502a: \Login Data
  726. 0x10075411: \Roaming
  727. 0x1007550e: \Roaming
  728. 0x10075673: \Opera Software\Opera Stable
  729. 0x100757dc: \Login Data
  730. 0x10075b09: ncsecu.org
  731. 0x10075c18: penfed.org
  732. 0x10075d27: becu.org
  733. 0x10075e86: schoolsfirstfcu.org
  734. 0x10076035: firsttechfed.com
  735. 0x10076194: golden1.com
  736. 0x100762f3: alliantcreditunion.org
  737. 0x100764a2: americafirst.com
  738. 0x10076651: suncoastcreditunion.com
  739. 0x100767b0: secumd.org
  740. 0x100768bf: safecu.org
  741. 0x100769ce: missionfed.com
  742. 0x10076add: greendot.com
  743. 0x10076c3c: firsttechfed.com
  744. 0x10076deb: americafirst.com
  745. 0x10076f4a: rbfcu.org
  746. 0x10077059: macu.com
  747. 0x10077168: dcu.org
  748. 0x10077277: ssfcu.org
  749. 0x10077386: bethpagefcu.com
  750. 0x10077495: starone.org
  751. 0x100775a4: alaskausa.org
  752. 0x100776b3: sdccu.com
  753. 0x10077812: aacreditunion.org
  754. 0x10077971: lmcu.org
  755. 0x10077a80: teachersfcu.org
  756. 0x10077b8f: patelco.org
  757. 0x10077c9e: esl.org
  758. 0x10077dad: onpointcu.com
  759. 0x10077f0c: logixbanking.com
  760. 0x1007806b: psecu.com
  761. 0x100781ca: deltacommunitycu.com
  762. 0x10078329: ent.com
  763. 0x10078438: cefcu.com
  764. 0x10078547: greenstate.org
  765. 0x10078656: unfcu.org
  766. 0x10078765: pffcu.org
  767. 0x100788c4: wingsfinancial.com
  768. 0x10078a73: iccu.comdesertfinancial.com
  769. 0x10078bd2: iccu.com
  770. 0x10078d31: desertfinancial.com
  771. 0x10078e90: hvfcu.org
  772. 0x10078f9f: wpcu.coop
  773. 0x100790ae: redwoodcu.org
  774. 0x100791bd: tcunet.com
  775. 0x100792cc: wsecu.org
  776. 0x1007942b: joviafinancial.com
  777. 0x1007958a: coastal24.com
  778. 0x10079699: myeecu.org
  779. 0x100797f8: gecreditunion.org
  780. 0x10079957: nymcu.org
  781. 0x10079a66: affinityfcu.com
  782. 0x10079b75: towerfcu.org
  783. 0x10079c84: safecu.org
  784. 0x10079d93: ccu.com
  785. 0x10079ef2: communityamerica.com
  786. 0x1007a051: langleyfcu.org
  787. 0x1007a160: credithuman.com
  788. 0x1007a26f: techcu.com
  789. 0x1007a37e: gecu.com
  790. 0x1007a48d: kfcu.org
  791. 0x1007a59c: applefcu.org
  792. 0x1007a6ab: nasafcu.com
  793. 0x1007a7ba: sfcu.org
  794. 0x1007a8c9: genisyscu.org
  795. 0x1007a9d8: unifyfcu.com
  796. 0x1007aae7: apcocu.org
  797. 0x1007ac46: firstcommunity.com
  798. 0x1007ada5: unitedfcu.com
  799. 0x1007aeb4: fairwinds.org
  800. 0x1007afc3: ufcu.org
  801. 0x1007b0d2: wescom.org
  802. 0x1007b1e1: missionfed.com
  803. 0x1007b2f0: bcu.org
  804. 0x1007b3ff: vacu.org
  805. 0x1007b55e: citadelbanking.com
  806. 0x1007b6bd: servicecu.org
  807. 0x1007b81c: summitcreditunion.com
  808. 0x1007b97b: secumd.org
  809. 0x1007ba8a: gesa.com
  810. 0x1007bb99: chevronfcu.org
  811. 0x1007bca8: traviscu.org
  812. 0x1007bdb7: uwcu.org
  813. 0x1007bf16: communityfirstcu.org
  814. 0x1007c075: ecu.org
  815. 0x1007c184: sccu.com
  816. 0x1007c293: bfsfcu.org
  817. 0x1007c3a2: bellco.org
  818. 0x1007c501: dfcufinancial.com
  819. 0x1007c660: msufcu.org
  820. 0x1007c76f: members1st.org
  821. 0x1007c87e: landmarkcu.com
  822. 0x1007c98d: kinecta.org
  823. 0x1007ca9c: midflorida.com
  824. 0x1007cbab: visionsfcu.org
  825. 0x1007ccba: veridiancu.org
  826. 0x1007ce19: statefarmfcu.com
  827. 0x1007cf78: tinkerfcu.org
  828. 0x1007d087: sefcu.com
  829. 0x1007d1e6: americanheritagecu.org
  830. 0x1007d345: robinsfcu.org
  831. 0x1007d454: canvas.org
  832. 0x1007d5b3: growfinancial.org
  833. 0x1007d712: truliantfcu.org
  834. 0x1007d821: fairwinds.org
  835. 0x1007d930: ascend.org
  836. 0x1007da3f: foundersfcu.com
  837. 0x1007db4e: calcoastcu.org
  838. 0x1007dc5d: ucu.org
  839. 0x1007dd6c: connexuscu.org
  840. 0x1007de7b: slfcu.org
  841. 0x1007df8a: numericacu.com
  842. 0x1007e099: eecu.org
  843. 0x1007e1a8: georgiasown.org
  844. 0x1007e2b7: nusenda.org
  845. 0x1007e416: tvacreditunion.com
  846. 0x1007e575: pcu.org
  847. 0x1007e684: msgcu.org
  848. 0x1007e7e3: nuvisionfederal.com
  849. 0x1007e992: trumarkonline.org
  850. 0x1007eaf1: navigantcu.org
  851. 0x1007ec00: ornlfcu.com
  852. 0x1007ed0f: jscfcu.org
  853. 0x1007ee1e: lgfcu.org
  854. 0x1007ef7d: elevationscu.com
  855. 0x1007f12c: gtefinancial.org
  856. 0x1007f28b: chartway.com
  857. 0x1007f39a: ecu.com
  858. 0x1007f4a9: sdfcu.org
  859. 0x1007f5b8: apcu.com
  860. 0x1007f6c7: schools.org
  861. 0x1007f7d6: metrocu.org
  862. 0x1007f8e5: campuscu.com
  863. 0x1007f9f4: adviacu.org
  864. 0x1007fb03: psfcu.com
  865. 0x1007fc12: andrewsfcu.org
  866. 0x1007fd21: eglinfcu.org
  867. 0x1007fe30: imcu.com
  868. 0x1007ff8f: americaneagle.org
  869. 0x100800ee: ttcu.com
  870. 0x100801fd: vantagewest.org
  871. 0x1008030c: empowerfcu.com
  872. 0x1008041b: rfcu.com
  873. 0x1008052a: capcomfcu.org
  874. 0x10080689: arizonafederal.org
  875. 0x10080838: csecreditunion.com
  876. 0x100809e7: communityfirstfl.org
  877. 0x10080b46: bayportcu.org
  878. 0x10080c55: gwcu.org
  879. 0x10080d64: wecu.com
  880. 0x10081060: SOFTWARE\Google\Chrome\PreferenceMACs
  881. 0x1008129a: \Google\Chrome\User Data\
  882. 0x1008142c: \Login Data
  883. 0x100816ac: SOFTWARE\Microsoft\Edge\PreferenceMACs
  884. 0x100818e6: \Microsoft\Edge\User Data\
  885. 0x10081a78: \Login Data
  886. 0x10081d57: SOFTWARE\BraveSoftware\Brave-Browser\PreferenceMACs
  887. 0x10082031: \BraveSoftware\Brave-Browser\User Data\
  888. 0x10082213: \Login Data
  889. 0x100824ad: SOFTWARE\CryptoTab Browser\PreferenceMACs
  890. 0x100826e7: \CryptoTab Browser\User Data\
  891. 0x10082879: \Login Data
  892. 0x10082bda: \Roaming
  893. 0x10082cd7: \Roaming
  894. 0x10082e30: \Opera Software\Opera Stable
  895. 0x10082f99: \Login Data
  896. 0x10083249: stgeorge.com.au
  897. 0x10083358: imb.com.au
  898. 0x10083467: ing.com.au
  899. 0x100835c6: bankofmelbourne.com.au
  900. 0x10083775: regionalaustraliabank.com
  901. 0x100838d4: suncorp.com.au
  902. 0x10083a33: regionalaustraliabank.com.au
  903. 0x10083d7e: SOFTWARE\Google\Chrome\PreferenceMACs
  904. 0x10083fdb: \Google\Chrome\User Data\
  905. 0x1008416d: \Login Data
  906. 0x10084486: SOFTWARE\Microsoft\Edge\PreferenceMACs
  907. 0x100846e3: \Microsoft\Edge\User Data\
  908. 0x10084875: \Login Data
  909. 0x10084bda: SOFTWARE\BraveSoftware\Brave-Browser\PreferenceMACs
  910. 0x10084ed7: \BraveSoftware\Brave-Browser\User Data\
  911. 0x100850b9: \Login Data
  912. 0x100853d9: SOFTWARE\CryptoTab Browser\PreferenceMACs
  913. 0x10085636: \CryptoTab Browser\User Data\
  914. 0x100857c8: \Login Data
  915. 0x10085baf: \Roaming
  916. 0x10085cac: \Roaming
  917. 0x10085e11: \Opera Software\Opera Stable
  918. 0x10085f7a: \Login Data
  919. 0x100862f9: neofinancial.com
  920. 0x10086458: bmo.com
  921. 0x100865b7: rbcroyalbank.com
  922. 0x10086903: SOFTWARE\Google\Chrome\PreferenceMACs
  923. 0x10086b60: \Google\Chrome\User Data\
  924. 0x10086cf2: \Login Data
  925. 0x1008700b: SOFTWARE\Microsoft\Edge\PreferenceMACs
  926. 0x10087268: \Microsoft\Edge\User Data\
  927. 0x100873fa: \Login Data
  928. 0x1008776e: SOFTWARE\BraveSoftware\Brave-Browser\PreferenceMACs
  929. 0x10087a6b: \BraveSoftware\Brave-Browser\User Data\
  930. 0x10087c4d: \Login Data
  931. 0x10087f6d: SOFTWARE\CryptoTab Browser\PreferenceMACs
  932. 0x100881ca: \CryptoTab Browser\User Data\
  933. 0x1008835c: \Login Data
  934. 0x10088743: \Roaming
  935. 0x10088840: \Roaming
  936. 0x100889a5: \Opera Software\Opera Stable
  937. 0x10088b0e: \Login Data
  938. 0x10088e39: usaa.com
  939. 0x10089134: SOFTWARE\Google\Chrome\PreferenceMACs
  940. 0x10089391: \Google\Chrome\User Data\
  941. 0x10089523: \Login Data
  942. 0x1008983c: SOFTWARE\Microsoft\Edge\PreferenceMACs
  943. 0x10089a99: \Microsoft\Edge\User Data\
  944. 0x10089c2b: \Login Data
  945. 0x10089f9f: SOFTWARE\BraveSoftware\Brave-Browser\PreferenceMACs
  946. 0x1008a29c: \BraveSoftware\Brave-Browser\User Data\
  947. 0x1008a47e: \Login Data
  948. 0x1008a79e: SOFTWARE\CryptoTab Browser\PreferenceMACs
  949. 0x1008a9fb: \CryptoTab Browser\User Data\
  950. 0x1008ab8d: \Login Data
  951. 0x1008af74: \Roaming
  952. 0x1008b071: \Roaming
  953. 0x1008b1d6: \Opera Software\Opera Stable
  954. 0x1008b33f: \Login Data
  955. 0x1008b669: robinhood.com
  956. 0x1008b778: navyfederal.org
  957. 0x1008ba71: SOFTWARE\Google\Chrome\PreferenceMACs
  958. 0x1008bcce: \Google\Chrome\User Data\
  959. 0x1008be60: \Login Data
  960. 0x1008c179: SOFTWARE\Microsoft\Edge\PreferenceMACs
  961. 0x1008c3d6: \Microsoft\Edge\User Data\
  962. 0x1008c568: \Login Data
  963. 0x1008c8dc: SOFTWARE\BraveSoftware\Brave-Browser\PreferenceMACs
  964. 0x1008cbd9: \BraveSoftware\Brave-Browser\User Data\
  965. 0x1008cdbb: \Login Data
  966. 0x1008d0db: SOFTWARE\CryptoTab Browser\PreferenceMACs
  967. 0x1008d338: \CryptoTab Browser\User Data\
  968. 0x1008d4ca: \Login Data
  969. 0x1008d8b1: \Roaming
  970. 0x1008d9ae: \Roaming
  971. 0x1008db13: \Opera Software\Opera Stable
  972. 0x1008dc7c: \Login Data
  973. 0x1008dfa9: tboholidays.com
  974. 0x1008e0b8: 24x7rooms.com
  975. 0x1008e1c7: adonis.com
  976. 0x1008e2d6: abreuonline.com
  977. 0x1008e3e5: almundo.com.ar
  978. 0x1008e4f4: bonotel.com
  979. 0x1008e603: bookohotel.com
  980. 0x1008e712: didatravel.com
  981. 0x1008e821: dotwconnect.com
  982. 0x1008e930: eetglobal.com
  983. 0x1008ea3f: escalabeds.com
  984. 0x1008eb9e: fastpayhotels.com
  985. 0x1008ecfd: getaroom.com
  986. 0x1008ee0c: goglobal.travel
  987. 0x1008ef1b: hoteldo.com.mx
  988. 0x1008f02a: hotelspro.com
  989. 0x1008f139: jumbonline.com
  990. 0x1008f248: kaluahtours.com
  991. 0x1008f357: lci-euro.com
  992. 0x1008f4b6: lotsofhotels.com
  993. 0x1008f615: mikinet.co.uk
  994. 0x1008f724: misterroom.com
  995. 0x1008f833: nexustours.com
  996. 0x1008f992: olympiaeurope.com
  997. 0x1008faf1: paximum.com
  998. 0x1008fc00: restel.es
  999. 0x1008fd0f: rezserver.com
  1000. 0x1008fe1e: rezlive.com
  1001. 0x1008ff2d: sunhotels.com
  1002. 0x1009003c: totalstay.com
  1003. 0x1009014b: travco.co.uk
  1004. 0x1009025a: travellanda.com
  1005. 0x10090369: smyrooms.com
  1006. 0x10090478: welcomebeds.com
  1007. 0x10090587: yalago.com
  1008. 0x10090696: hotelbeds.com
  1009. 0x10090992: SOFTWARE\Google\Chrome\PreferenceMACs
  1010. 0x10090bef: \Google\Chrome\User Data\
  1011. 0x10090d81: \Login Data
  1012. 0x1009108b: SOFTWARE\Microsoft\Edge\PreferenceMACs
  1013. 0x100912e8: \Microsoft\Edge\User Data\
  1014. 0x1009147a: \Login Data
  1015. 0x100917df: SOFTWARE\BraveSoftware\Brave-Browser\PreferenceMACs
  1016. 0x10091adc: \BraveSoftware\Brave-Browser\User Data\
  1017. 0x10091cbe: \Login Data
  1018. 0x10091fde: SOFTWARE\CryptoTab Browser\PreferenceMACs
  1019. 0x1009223b: \CryptoTab Browser\User Data\
  1020. 0x100923cd: \Login Data
  1021. 0x100927b4: \Roaming
  1022. 0x100928b1: \Roaming
  1023. 0x10092a16: \Opera Software\Opera Stable
  1024. 0x10092b7f: \Login Data
  1025. 0x10092eb9: mercadolibre.com.mx
  1026. 0x10093018: hsbc.com.mx
  1027. 0x10093127: bbvanetcash.mx
  1028. 0x10093286: scotiabank.com.mx
  1029. 0x10093435: santander.com.mx
  1030. 0x10093594: bbva.mx
  1031. 0x10093890: SOFTWARE\Google\Chrome\PreferenceMACs
  1032. 0x10093aed: \Google\Chrome\User Data\
  1033. 0x10093c7f: \Login Data
  1034. 0x10093f98: SOFTWARE\Microsoft\Edge\PreferenceMACs
  1035. 0x100941f5: \Microsoft\Edge\User Data\
  1036. 0x10094387: \Login Data
  1037. 0x100946ec: SOFTWARE\BraveSoftware\Brave-Browser\PreferenceMACs
  1038. 0x100949e9: \BraveSoftware\Brave-Browser\User Data\
  1039. 0x10094bcb: \Login Data
  1040. 0x10094eeb: SOFTWARE\CryptoTab Browser\PreferenceMACs
  1041. 0x10095148: \CryptoTab Browser\User Data\
  1042. 0x100952da: \Login Data
  1043. 0x100956c1: \Roaming
  1044. 0x100957be: \Roaming
  1045. 0x10095923: \Opera Software\Opera Stable
  1046. 0x10095a8c: \Login Data
  1047. 0x10095db9: opensea.io
  1048. 0x10095f18: plantvsundead.com
  1049. 0x100960c7: axieinfinity.com
  1050. 0x10096226: cryptocars.me
  1051. 0x10096335: bombcrypto.io
  1052. 0x10096444: cryptoplanes.me
  1053. 0x10096553: cryptozoon.io
  1054. 0x1009684e: SOFTWARE\Google\Chrome\PreferenceMACs
  1055. 0x10096aab: \Google\Chrome\User Data\
  1056. 0x10096c3d: \Login Data
  1057. 0x10096f56: SOFTWARE\Microsoft\Edge\PreferenceMACs
  1058. 0x100971b3: \Microsoft\Edge\User Data\
  1059. 0x10097345: \Login Data
  1060. 0x100976aa: SOFTWARE\BraveSoftware\Brave-Browser\PreferenceMACs
  1061. 0x100979a7: \BraveSoftware\Brave-Browser\User Data\
  1062. 0x10097b89: \Login Data
  1063. 0x10097ea9: SOFTWARE\CryptoTab Browser\PreferenceMACs
  1064. 0x10098106: \CryptoTab Browser\User Data\
  1065. 0x10098298: \Login Data
  1066. 0x1009867f: \Roaming
  1067. 0x1009877c: \Roaming
  1068. 0x100988e1: \Opera Software\Opera Stable
  1069. 0x10098a4a: \Login Data
  1070. 0x10098d79: bankalhabib.com
  1071. 0x10099074: SOFTWARE\Google\Chrome\PreferenceMACs
  1072. 0x100992d1: \Google\Chrome\User Data\
  1073. 0x10099463: \Login Data
  1074. 0x1009977c: SOFTWARE\Microsoft\Edge\PreferenceMACs
  1075. 0x100999d9: \Microsoft\Edge\User Data\
  1076. 0x10099b6b: \Login Data
  1077. 0x10099edf: SOFTWARE\BraveSoftware\Brave-Browser\PreferenceMACs
  1078. 0x1009a1dc: \BraveSoftware\Brave-Browser\User Data\
  1079. 0x1009a3be: \Login Data
  1080. 0x1009a6de: SOFTWARE\CryptoTab Browser\PreferenceMACs
  1081. 0x1009a93b: \CryptoTab Browser\User Data\
  1082. 0x1009aacd: \Login Data
  1083. 0x1009aeb4: \Roaming
  1084. 0x1009afb1: \Roaming
  1085. 0x1009b116: \Opera Software\Opera Stable
  1086. 0x1009b27f: \Login Data
  1087. 0x1009b5a9: ruralvia.com
  1088. 0x1009b6b8: ruralvia.es
  1089. 0x1009b817: bankinterconsumerfinance.com
  1090. 0x1009bb63: SOFTWARE\Google\Chrome\PreferenceMACs
  1091. 0x1009bdc0: \Google\Chrome\User Data\
  1092. 0x1009bf52: \Login Data
  1093. 0x1009c26b: SOFTWARE\Microsoft\Edge\PreferenceMACs
  1094. 0x1009c4c8: \Microsoft\Edge\User Data\
  1095. 0x1009c65a: \Login Data
  1096. 0x1009c9ce: SOFTWARE\BraveSoftware\Brave-Browser\PreferenceMACs
  1097. 0x1009cccb: \BraveSoftware\Brave-Browser\User Data\
  1098. 0x1009cead: \Login Data
  1099. 0x1009d1cd: SOFTWARE\CryptoTab Browser\PreferenceMACs
  1100. 0x1009d42a: \CryptoTab Browser\User Data\
  1101. 0x1009d5bc: \Login Data
  1102. 0x1009d9a3: \Roaming
  1103. 0x1009daa0: \Roaming
  1104. 0x1009dc05: \Opera Software\Opera Stable
  1105. 0x1009dd6e: \Login Data
  1106. 0x1009e099: amazon.it
  1107. 0x1009e1a8: amazon.ca
  1108. 0x1009e2b7: amazon.de
  1109. 0x1009e5b3: SOFTWARE\Google\Chrome\PreferenceMACs
  1110. 0x1009e810: \Google\Chrome\User Data\
  1111. 0x1009e9a2: \Login Data
  1112. 0x1009ecbb: SOFTWARE\Microsoft\Edge\PreferenceMACs
  1113. 0x1009ef18: \Microsoft\Edge\User Data\
  1114. 0x1009f0aa: \Login Data
  1115. 0x1009f41e: SOFTWARE\BraveSoftware\Brave-Browser\PreferenceMACs
  1116. 0x1009f71b: \BraveSoftware\Brave-Browser\User Data\
  1117. 0x1009f8fd: \Login Data
  1118. 0x1009fc1d: SOFTWARE\CryptoTab Browser\PreferenceMACs
  1119. 0x1009fe7a: \CryptoTab Browser\User Data\
  1120. 0x100a000c: \Login Data
  1121. 0x100a03f3: \Roaming
  1122. 0x100a04f0: \Roaming
  1123. 0x100a0655: \Opera Software\Opera Stable
  1124. 0x100a07be: \Login Data
  1125. 0x100a0ae9: amazon.com
  1126. 0x100a0bf8: netspend.com
  1127. 0x100a0d07: online.citi.com
  1128. 0x100a1003: SOFTWARE\Google\Chrome\PreferenceMACs
  1129. 0x100a1260: \Google\Chrome\User Data\
  1130. 0x100a13f2: \Login Data
  1131. 0x100a170b: SOFTWARE\Microsoft\Edge\PreferenceMACs
  1132. 0x100a1968: \Microsoft\Edge\User Data\
  1133. 0x100a1afa: \Login Data
  1134. 0x100a1e6e: SOFTWARE\BraveSoftware\Brave-Browser\PreferenceMACs
  1135. 0x100a216b: \BraveSoftware\Brave-Browser\User Data\
  1136. 0x100a234d: \Login Data
  1137. 0x100a266d: SOFTWARE\CryptoTab Browser\PreferenceMACs
  1138. 0x100a28ca: \CryptoTab Browser\User Data\
  1139. 0x100a2a5c: \Login Data
  1140. 0x100a2e43: \Roaming
  1141. 0x100a2f40: \Roaming
  1142. 0x100a30a5: \Opera Software\Opera Stable
  1143. 0x100a320e: \Login Data
  1144. 0x100a3539: cloud.ibm.com
  1145. 0x100a3648: ca.ovh.com
  1146. 0x100a37a7: account.alibabacloud.com
  1147. 0x100a3956: cloud.huawei.com
  1148. 0x100a3b05: cloud.tencent.com
  1149. 0x100a3c64: vultr.com
  1150. 0x100a3d73: aws.amazon.com
  1151. 0x100a3ed2: portal.azure.com
  1152. 0x100a4081: digitalocean.com
  1153. 0x100a4230: console.scaleway.com
  1154. 0x100a438f: hetzner.com
  1155. 0x100a449e: linode.com
  1156. 0x100a45ad: oracle.com
  1157. 0x100a46bc: rackspace.com
  1158. 0x100a47cb: phoenixnap.com
  1159. 0x100a48da: leaseweb.com
  1160. 0x100a49e9: sso.ctl.io
  1161. 0x100a4af8: ctl.io
  1162. 0x100a4c07: lumen.com
  1163. 0x100a4f02: SOFTWARE\Google\Chrome\PreferenceMACs
  1164. 0x100a515f: \Google\Chrome\User Data\
  1165. 0x100a52f1: \Login Data
  1166. 0x100a55fb: SOFTWARE\Microsoft\Edge\PreferenceMACs
  1167. 0x100a5858: \Microsoft\Edge\User Data\
  1168. 0x100a59ea: \Login Data
  1169. 0x100a5d4f: SOFTWARE\BraveSoftware\Brave-Browser\PreferenceMACs
  1170. 0x100a604c: \BraveSoftware\Brave-Browser\User Data\
  1171. 0x100a622e: \Login Data
  1172. 0x100a654e: SOFTWARE\CryptoTab Browser\PreferenceMACs
  1173. 0x100a67ab: \CryptoTab Browser\User Data\
  1174. 0x100a693d: \Login Data
  1175. 0x100a6d24: \Roaming
  1176. 0x100a6e21: \Roaming
  1177. 0x100a6f86: \Opera Software\Opera Stable
  1178. 0x100a70ef: \Login Data
  1179. 0x100a7419: paypal.com
  1180. 0x100a7714: SOFTWARE\Google\Chrome\PreferenceMACs
  1181. 0x100a7971: \Google\Chrome\User Data\
  1182. 0x100a7b03: \Login Data
  1183. 0x100a7e1c: SOFTWARE\Microsoft\Edge\PreferenceMACs
  1184. 0x100a8079: \Microsoft\Edge\User Data\
  1185. 0x100a820b: \Login Data
  1186. 0x100a857f: SOFTWARE\BraveSoftware\Brave-Browser\PreferenceMACs
  1187. 0x100a887c: \BraveSoftware\Brave-Browser\User Data\
  1188. 0x100a8a5e: \Login Data
  1189. 0x100a8d7e: SOFTWARE\CryptoTab Browser\PreferenceMACs
  1190. 0x100a8fdb: \CryptoTab Browser\User Data\
  1191. 0x100a916d: \Login Data
  1192. 0x100a9554: \Roaming
  1193. 0x100a9651: \Roaming
  1194. 0x100a97b6: \Opera Software\Opera Stable
  1195. 0x100a991f: \Login Data
  1196. 0x100a9c3b: WW_P_7
  1197. 0x100a9d35: WW_P_8
  1198. 0x100a9e32: -1
  1199. 0x100aa05c: https://
  1200. 0x100aa702: rb
  1201. 0x100ab899: wb
  1202. 0x100abed3: .exe
  1203. 0x100ac33a: open
  1204. 0x100acaa7: WW_P_
  1205. 0x100acbc8: WW_P_1
  1206. 0x100accda: WW_P_7
  1207. 0x100acdec: WW_P_8
  1208. 0x100acfb0: |
  1209. 0x100ad084: AddLoggerStat|
  1210. 0x100ad1fe: links
  1211. 0x100ad2f4: extensions
  1212. 0x100ad3f6: EU
  1213. 0x100ad566: ezstat.ru/1BfPg7
  1214. 0x100ad6b4: USA_1
  1215. 0x100ad824: iplis.ru/1BX4j7.png
  1216. 0x100ad9bd: iplis.ru/1BV4j7.mp4
  1217. 0x100adb0b: USA_2
  1218. 0x100adc7b: iplis.ru/1BC4j7.mp3
  1219. 0x100ade14: iplis.ru/1BV4j7.mp4
  1220. 0x100adfad: iplis.ru/1cC8u7.mp3
  1221. 0x100ae146: iplis.ru/1G8Fx7.mp3
  1222. 0x100ae294: WW_1
  1223. 0x100ae404: iplis.ru/1BNhx7.mp3
  1224. 0x100ae59d: iplis.ru/1G8Fx7.mp3
  1225. 0x100ae6e6: US
  1226. 0x100ae856: iplis.ru/1pRXr7.txt
  1227. 0x100ae9ef: iplis.ru/1BV4j7.mp4
  1228. 0x100aeb3d: WW_2
  1229. 0x100aecad: SetIncrement|ww_starts
  1230. 0x100aedfd: false
  1231. 0x100aef68: iplis.ru/1S2Qs7.mp3
  1232. 0x100af101: iplis.ru/1G8Fx7.mp3
  1233. 0x100af24a: US
  1234. 0x100af3ba: iplis.ru/1pRXr7.txt
  1235. 0x100af553: iplis.ru/1BV4j7.mp4
  1236. 0x100af6ac: WW_3
  1237. 0x100af81c: SetIncrement|ww_starts
  1238. 0x100af96c: false
  1239. 0x100afad7: iplis.ru/1S3fd7.mp3
  1240. 0x100afc70: iplis.ru/1G8Fx7.mp3
  1241. 0x100afdb9: US
  1242. 0x100aff29: iplis.ru/1pRXr7.txt
  1243. 0x100b00c2: iplis.ru/1BV4j7.mp4
  1244. 0x100b021b: WW_4
  1245. 0x100b038b: SetIncrement|ww_starts
  1246. 0x100b04db: false
  1247. 0x100b0646: iplis.ru/17VHv7.mp3
  1248. 0x100b07df: iplis.ru/1G8Fx7.mp3
  1249. 0x100b0928: US
  1250. 0x100b0a98: iplis.ru/1pRXr7.txt
  1251. 0x100b0c31: iplis.ru/1BV4j7.mp4
  1252. 0x100b0d8a: WW_5
  1253. 0x100b0efa: iplis.ru/1GLDc7.mp3
  1254. 0x100b1093: iplis.ru/1G8Fx7.mp3
  1255. 0x100b11dc: US
  1256. 0x100b134c: iplis.ru/1pRXr7.txt
  1257. 0x100b14e5: iplis.ru/1BV4j7.mp4
  1258. 0x100b1633: WW_6
  1259. 0x100b17a3: SetIncrement|ww_starts
  1260. 0x100b18f3: false
  1261. 0x100b1a5e: iplis.ru/1xDsk7.mp3
  1262. 0x100b1bf7: iplis.ru/1G8Fx7.mp3
  1263. 0x100b1d40: US
  1264. 0x100b1eb0: iplis.ru/1pRXr7.txt
  1265. 0x100b2049: iplis.ru/1BV4j7.mp4
  1266. 0x100b21a2: WW_7
  1267. 0x100b2312: SetIncrement|ww_starts
  1268. 0x100b2462: false
  1269. 0x100b25cd: iplis.ru/1xFsk7.mp3
  1270. 0x100b275a: iplis.ru/1G8Fx7.mp3
  1271. 0x100b28a0: US
  1272. 0x100b29f5: iplis.ru/1pRXr7.txt
  1273. 0x100b2b8b: iplis.ru/1BV4j7.mp4
  1274. 0x100b2ce4: WW_OPERA
  1275. 0x100b2e54: SetIncrement|ww_starts
  1276. 0x100b2fa4: false
  1277. 0x100b310f: iplis.ru/1GCuv7.pdf
  1278. 0x100b32a8: iplis.ru/1G8Fx7.mp3
  1279. 0x100b33f1: US
  1280. 0x100b3561: iplis.ru/1pRXr7.txt
  1281. 0x100b36fa: iplis.ru/1BV4j7.mp4
  1282. 0x100b3853: WW_8
  1283. 0x100b39c3: iplis.ru/1lmex.mp3
  1284. 0x100b3b5c: iplis.ru/1G8Fx7.mp3
  1285. 0x100b3ca5: US
  1286. 0x100b3e15: iplis.ru/1pRXr7.txt
  1287. 0x100b3fae: iplis.ru/1BV4j7.mp4
  1288. 0x100b40fc: WW_9
  1289. 0x100b426c: SetIncrement|ww_starts
  1290. 0x100b43bc: false
  1291. 0x100b4527: iplis.ru/1Gemv7.mp3
  1292. 0x100b46c0: iplis.ru/1G8Fx7.mp3
  1293. 0x100b4809: US
  1294. 0x100b4979: iplis.ru/1pRXr7.txt
  1295. 0x100b4b12: iplis.ru/1BV4j7.mp4
  1296. 0x100b4c6b: WW_10
  1297. 0x100b4ddb: SetIncrement|ww_starts
  1298. 0x100b4f2b: false
  1299. 0x100b5096: iplis.ru/1Gymv7.mp3
  1300. 0x100b522f: iplis.ru/1G8Fx7.mp3
  1301. 0x100b5378: US
  1302. 0x100b54e8: iplis.ru/1pRXr7.txt
  1303. 0x100b5681: iplis.ru/1BV4j7.mp4
  1304. 0x100b57da: WW_11
  1305. 0x100b594a: SetIncrement|ww_starts
  1306. 0x100b5a9a: false
  1307. 0x100b5c05: iplis.ru/1tqHh7.mp3
  1308. 0x100b5d9e: iplis.ru/1G8Fx7.mp3
  1309. 0x100b5ee7: US
  1310. 0x100b6057: iplis.ru/1pRXr7.txt
  1311. 0x100b61f0: iplis.ru/1BV4j7.mp4
  1312. 0x100b6349: WW_12
  1313. 0x100b649e: iplis.ru/1aFYp7.mp3
  1314. 0x100b6634: iplis.ru/1G8Fx7.mp3
  1315. 0x100b677d: US
  1316. 0x100b68ed: iplis.ru/1pRXr7.txt
  1317. 0x100b6a86: iplis.ru/1BV4j7.mp4
  1318. 0x100b6bd4: WW_13
  1319. 0x100b6d44: iplis.ru/1cC8u7.mp3
  1320. 0x100b6edd: iplis.ru/1G8Fx7.mp3
  1321. 0x100b7026: US
  1322. 0x100b7196: iplis.ru/1pRXr7.txt
  1323. 0x100b732f: iplis.ru/1BV4j7.mp4
  1324. 0x100b747d: WW_14
  1325. 0x100b75ed: iplis.ru/1cN8u7.mp3
  1326. 0x100b773b: WW_15
  1327. 0x100b7890: SetIncrement|ww_starts
  1328. 0x100b79dd: false
  1329. 0x100b7b48: iplis.ru/1kicy7.mp3
  1330. 0x100b7ce1: iplis.ru/1G8Fx7.mp3
  1331. 0x100b7e2a: US
  1332. 0x100b7f9a: iplis.ru/1pRXr7.txt
  1333. 0x100b8133: iplis.ru/1BV4j7.mp4
  1334. 0x100b828c: WW_P_1
  1335. 0x100b83fc: iplis.ru/1BMhx7.mp3
  1336. 0x100b854a: WW_16
  1337. 0x100b86ba: SetIncrement|ww_starts
  1338. 0x100b880a: false
  1339. 0x100b8975: iplis.ru/1edLy7.png
  1340. 0x100b8b0e: iplis.ru/1G8Fx7.mp3
  1341. 0x100b8c57: US
  1342. 0x100b8dc7: iplis.ru/1pRXr7.txt
  1343. 0x100b8f60: iplis.ru/1BV4j7.mp4
  1344. 0x100b90b9: WW_17
  1345. 0x100b9229: iplis.ru/1nGPt7.png
  1346. 0x100b93c2: iplis.ru/1G8Fx7.mp3
  1347. 0x100b950b: US
  1348. 0x100b967b: iplis.ru/1pRXr7.txt
  1349. 0x100b9814: iplis.ru/1BV4j7.mp4
  1350. 0x100b9962: WW_P_2
  1351. 0x100b9ad2: iplis.ru/1Bshv7.mp3
  1352. 0x100b9c20: WW_P_3
  1353. 0x100b9d90: iplis.ru/1Lgnh7.mp3
  1354. 0x100b9ede: WW_P_4
  1355. 0x100ba04e: iplis.ru/1vt8c7.mp3
  1356. 0x100ba19c: WW_P_5
  1357. 0x100ba30c: iplis.ru/1IcfD.mp3
  1358. 0x100ba461: WW_P_6
  1359. 0x100ba573: WW_P_7
  1360. 0x100ba735: iplis.ru/1eXqs7.mp3
  1361. 0x100ba883: WW_P_8
  1362. 0x100ba9f3: iplis.ru/1Unzy7.mp3
  1363. 0x100bab41: WW_18
  1364. 0x100bacb1: iplis.ru/12hYs7.mp3
  1365. 0x100bae4a: iplis.ru/1G8Fx7.mp3
  1366. 0x100baf93: US
  1367. 0x100bb103: iplis.ru/1pRXr7.txt
  1368. 0x100bb29c: iplis.ru/1BV4j7.mp4
  1369. 0x100bb3ea: WW_19
  1370. 0x100bb55a: SetIncrement|ww_starts
  1371. 0x100bb6aa: false
  1372. 0x100bb815: iplis.ru/12d8d7.mp3
  1373. 0x100bb9ae: iplis.ru/1G8Fx7.mp3
  1374. 0x100bbaf7: US
  1375. 0x100bbc67: iplis.ru/1pRXr7.txt
  1376. 0x100bbe00: iplis.ru/1BV4j7.mp4
  1377. 0x100bbf59: WW_20
  1378. 0x100bc0c9: iplis.ru/1Uvgu7.mp3
  1379. 0x100bc262: iplis.ru/1G8Fx7.mp3
  1380. 0x100bc3ab: US
  1381. 0x100bc51b: iplis.ru/1pRXr7.txt
  1382. 0x100bc6b4: iplis.ru/1BV4j7.mp4
  1383. 0x100bc802: WW_21
  1384. 0x100bc972: SetIncrement|ww_starts
  1385. 0x100bcac2: false
  1386. 0x100bcc2d: iplis.ru/1jvTz7.mp3
  1387. 0x100bcdc6: iplis.ru/1G8Fx7.mp3
  1388. 0x100bcf0f: US
  1389. 0x100bd07f: iplis.ru/1pRXr7.txt
  1390. 0x100bd218: iplis.ru/1BV4j7.mp4
  1391. 0x100bd431: ids
  1392. 0x100bd581: browsers
  1393. 0x100bd76f: id
  1394. 0x100bd890: extensions
  1395. 0x100bda02: Chrome:
  1396. 0x100bdb47: browser
  1397. 0x100bdc56: browsers
  1398. 0x100bddc6: Edge:
  1399. 0x100bdefc: browser
  1400. 0x100bdff6: browsers
  1401. 0x100be122: os_country_code
  1402. 0x100be1d8: country
  1403. 0x100be33a: os
  1404. 0x100be486: ip_country
  1405. 0x100be5d4: AddExtensionStat|
  1406. 0x100be85e: .exe
  1407. 0x100be933: \
  1408. 0x100bf4e3: \
  1409. 0x100bf71f: https://
  1410. 0x100bfa12: https://
  1411. 0x100c0423: open
  1412. 0x100c0941: open
  1413. 0x100c0b95: links
  1414. 0x100c0ce5: extensions
  1415. 0x100c0e7c: net_country_code
  1416. 0x100c101f: os_country_code
  1417. 0x100c1512: wininet.dll
  1418. 0x100c1732: WW_P_
  1419. 0x100c1853: WW_P_1
  1420. 0x100c1a26: WW_P_1
  1421. 0x100c1b38: WW_20
  1422. 0x100c1e26: http://45.144.225.57/download/NiceProcessX64.bmp
  1423. 0x100c1fed: -1
  1424. 0x100c226b: http://45.144.225.57/download/NiceProcessX32.bmp
  1425. 0x100c2432: -1
  1426. 0x100c2552: WW_20
  1427. 0x100c26c2: iplis.ru/1Uvgu7.mp3
  1428. 0x100c281b: WW_P_8
  1429. 0x100c2b22: https://cdn.discordapp.com/attachments/910842184708792331/931507465563045909/dingo_20220114120058.bmp
  1430. 0x100c2dee: -1
  1431. 0x100c2fba: WW_P_7
  1432. 0x100c3181: https://c.xyzgamec.com/userdown/2202/random.exe
  1433. 0x100c330d: -1
  1434. 0x100c357b: http://193.56.146.76/Proxytest.exe
  1435. 0x100c3707: -1
  1436. 0x100c39c5: http://www.yzsyjyjh.com/askhelp23/askinstall23.exe
  1437. 0x100c3ba1: -1
  1438. 0x100c3e0f: http://91.241.19.125/pub.php?pub=one
  1439. 0x100c3f9b: -1
  1440. 0x100c4259: http://privacy-tools-for-you-780.com/downloads/toolspab3.exe
  1441. 0x100c4435: -1
  1442. 0x100c46a3: http://luminati-china.xyz/aman/casper2.exe
  1443. 0x100c482f: -1
  1444. 0x100c4b3d: https://innovicservice.net/assets/vendor/counterup/RobCleanerInstlr95038215.exe
  1445. 0x100c4d69: -1
  1446. 0x100c4fd7: http://tg8.cllgxx.com/hp8/g1/yrpp1047.exe
  1447. 0x100c5163: -1
  1448. 0x100c54c1: https://cdn.discordapp.com/attachments/910842184708792331/930849718240698368/Roll.bmp
  1449. 0x100c573d: 1916
  1450. 0x100c5a0d: https://cdn.discordapp.com/attachments/910842184708792331/930850766787330068/real1201.bmp
  1451. 0x100c5c89: 468
  1452. 0x100c5f59: https://cdn.discordapp.com/attachments/910842184708792331/930882959131693096/Installer.bmp
  1453. 0x100c61d5: 1920
  1454. 0x100c63b5: http://185.215.113.208/ferrari.exe
  1455. 0x100c6541: 1750
  1456. 0x100c680a: https://cdn.discordapp.com/attachments/910842184708792331/931233371110141962/LingeringsAntiphon.bmp
  1457. 0x100c6ac4: 1927
  1458. 0x100c6d94: https://cdn.discordapp.com/attachments/910842184708792331/931285223709225071/russ.bmp
  1459. 0x100c7010: 1929
  1460. 0x100c72e0: https://cdn.discordapp.com/attachments/910842184708792331/932720393201016842/filinnn.bmp
  1461. 0x100c755c: 1946
  1462. 0x100c782c: https://cdn.discordapp.com/attachments/910842184708792331/933436611427979305/build20k.bmp
  1463. 0x100c7aa8: 1985
  1464. 0x100c7be6: WW_P_6
  1465. 0x100c7dad: https://c.xyzgamec.com/userdown/2202/random.exe
  1466. 0x100c7f39: -1
  1467. 0x100c8119: http://mnbuiy.pw/adsli/note8876.exe
  1468. 0x100c82a5: -1
  1469. 0x100c84d5: http://www.yzsyjyjh.com/askhelp23/askinstall23.exe
  1470. 0x100c86b1: -1
  1471. 0x100c8891: http://91.241.19.125/pub.php?pub=one
  1472. 0x100c8a1d: -1
  1473. 0x100c8bad: http://sarfoods.com/index.php
  1474. 0x100c8ce9: -1
  1475. 0x100c8ec9: http://luminati-china.xyz/aman/casper2.exe
  1476. 0x100c9055: -1
  1477. 0x100c9285: https://suprimax.vet.br/css/fonts/OneCleanerInst942914.exe
  1478. 0x100c9461: -1
  1479. 0x100c9641: http://tg8.cllgxx.com/hp8/g1/ssaa1047.exe
  1480. 0x100c97cd: -1
  1481. 0x100c990b: WW_P_5
  1482. 0x100c9bcf: https://www.deezloader.app/files/Deezloader_Remix_Installer_64_bit_4.3.0_Setup.exe
  1483. 0x100c9e4b: -1
  1484. 0x100ca120: https://www.deezloader.app/files/Deezloader_Remix_Installer_32_bit_4.3.0_Setup.exe
  1485. 0x100ca39c: -1
  1486. 0x100ca4da: WW_P_4
  1487. 0x100ca791: https://cdn.discordapp.com/attachments/910281601559167006/911516400005296219/anyname.exe
  1488. 0x100caa0d: -1
  1489. 0x100cacdd: https://cdn.discordapp.com/attachments/910281601559167006/911516894660530226/PBsecond.exe
  1490. 0x100caf59: -1
  1491. 0x100cb097: WW_P_3
  1492. 0x100cb34e: https://cdn.discordapp.com/attachments/910842184708792331/914047763304550410/Xpadder.bmp
  1493. 0x100cb5ca: -1
  1494. 0x100cb708: WW_P_2
  1495. 0x100cb87f: https://iplogger.org/2BTmf7
  1496. 0x100cb9bb: -1
  1497. 0x100cbb4b: https://iplogger.org/2BAmf7
  1498. 0x100cbc87: -1
  1499. 0x100cbe17: https://iplogger.org/2BDmf7
  1500. 0x100cbf53: -1
  1501. 0x100cc0e3: https://iplogger.org/2BFmf7
  1502. 0x100cc21f: -1
  1503. 0x100cc3af: https://iplogger.org/2s2pg6
  1504. 0x100cc4eb: -1
  1505. 0x100cc67b: https://iplogger.org/2s3pg6
  1506. 0x100cc7b7: -1
  1507. 0x100cc947: https://iplogger.org/2s4pg6
  1508. 0x100cca83: -1
  1509. 0x100ccc13: https://iplogger.org/2s5pg6
  1510. 0x100ccd4f: -1
  1511. 0x100ccedf: https://iplogger.org/2s6pg6
  1512. 0x100cd01b: -1
  1513. 0x100cd1ab: https://iplogger.org/2s7pg6
  1514. 0x100cd2e7: -1
  1515. 0x100cd462: WW_20
  1516. 0x100cd629: http://185.215.113.208/ferrari4.exe
  1517. 0x100cd7b5: -1
  1518. 0x100cdb76: id
  1519. 0x100cdca0: cold
  1520. 0x100cddba: browser
  1521. 0x100cdec1: crypto_wallets
  1522. 0x100cdfcb: links
  1523. 0x100ce364: id
  1524. 0x100ce47b: domain
  1525. 0x100ce582: bank_wallets
  1526. 0x100ce68c: links
  1527. 0x100cea27: id
  1528. 0x100ceb3e: domain
  1529. 0x100cec45: cu_bank_wallets
  1530. 0x100ced4f: links
  1531. 0x100cf0e8: id
  1532. 0x100cf1ff: domain
  1533. 0x100cf306: shop_wallets
  1534. 0x100cf410: links
  1535. 0x100cf7ab: id
  1536. 0x100cf8c2: domain
  1537. 0x100cf9c9: bank_au_wallets
  1538. 0x100cfad3: links
  1539. 0x100cfe6f: id
  1540. 0x100cff86: domain
  1541. 0x100d0090: amazon_eu
  1542. 0x100d019a: links
  1543. 0x100d0538: id
  1544. 0x100d064f: domain
  1545. 0x100d0759: webhosts
  1546. 0x100d0863: links
  1547. 0x100d0bff: id
  1548. 0x100d0d16: domain
  1549. 0x100d0e20: paypal
  1550. 0x100d0f2a: links
  1551. 0x100d12c8: id
  1552. 0x100d13df: domain
  1553. 0x100d14e9: bank_ca_wallets
  1554. 0x100d15f3: links
  1555. 0x100d1995: id
  1556. 0x100d1abf: cold
  1557. 0x100d1bdc: browser
  1558. 0x100d1ce6: crypto_wallets
  1559. 0x100d1df0: links
  1560. 0x100d218c: id
  1561. 0x100d22a3: browser
  1562. 0x100d23ad: crypto_wallets
  1563. 0x100d24b7: links
  1564. 0x100d2855: id
  1565. 0x100d296c: domain
  1566. 0x100d2a76: bank_wallets
  1567. 0x100d2b80: links
  1568. 0x100d2f1c: id
  1569. 0x100d3033: domain
  1570. 0x100d313d: bank_wallets
  1571. 0x100d3247: links
  1572. 0x100d35e5: id
  1573. 0x100d36fc: domain
  1574. 0x100d3806: browser_vbmt
  1575. 0x100d3910: links
  1576. 0x100d3cac: id
  1577. 0x100d3dc3: domain
  1578. 0x100d3ecd: bank_wallets
  1579. 0x100d3fd7: links
  1580. 0x100d437f: id
  1581. 0x100d4496: domain
  1582. 0x100d45a0: bank_wallets
  1583. 0x100d46aa: links
  1584. 0x100d4a15: id
  1585. 0x100d4b2c: browser
  1586. 0x100d4c36: crypto_wallets
  1587. 0x100d4d40: links
  1588. 0x100d50de: id
  1589. 0x100d51f5: domain
  1590. 0x100d52ff: bank_wallets
  1591. 0x100d5409: links
  1592. 0x100d57a5: id
  1593. 0x100d58bc: domain
  1594. 0x100d59c6: bank_wallets
  1595. 0x100d5ad0: links
  1596. 0x100d5d5a: GetCryptoSleeping
  1597. 0x100d5ebd: _
  1598. 0x100d6f48: -1
  1599. 0x100d7077: id
  1600. 0x100d7181: links
  1601. 0x100d7eeb: EU
  1602. 0x100d804e: USA_1
  1603. 0x100d81b1: USA_2
  1604. 0x100d8313: WW_1
  1605. 0x100d8476: WW_2
  1606. 0x100d85d9: WW_3
  1607. 0x100d873b: WW_4
  1608. 0x100d889e: WW_5
  1609. 0x100d8a01: WW_6
  1610. 0x100d8b63: WW_7
  1611. 0x100d8cc6: WW_OPERA
  1612. 0x100d8e29: WW_8
  1613. 0x100d8f8b: WW_9
  1614. 0x100d90ee: WW_10
  1615. 0x100d9251: WW_11
  1616. 0x100d93b3: WW_12
  1617. 0x100d9516: WW_13
  1618. 0x100d9679: WW_14
  1619. 0x100d97db: WW_15
  1620. 0x100d993e: WW_P_1
  1621. 0x100d9aa1: WW_16
  1622. 0x100d9c03: WW_17
  1623. 0x100d9d66: WW_P_2
  1624. 0x100d9ec9: WW_P_3
  1625. 0x100da02b: WW_P_4
  1626. 0x100da18e: WW_P_5
  1627. 0x100da2f1: WW_P_6
  1628. 0x100da453: WW_P_7
  1629. 0x100da5b6: WW_P_8
  1630. 0x100da719: WW_18
  1631. 0x100da87b: WW_19
  1632. 0x100da9de: WW_20
  1633. 0x100dab41: WW_21
  1634. 0x100dac97: WW_4
  1635. 0x100dada9: WW_19
  1636. 0x100db331: US
  1637. 0x100db490: USA_2
  1638. 0x100dba4d: WW_P_
  1639. 0x100dbb6e: WW_P_1
  1640. 0x100dc22d: |
  1641. 0x100dc351: IsUseDominationProject|
  1642. 0x100dc579: cryptoWallets
  1643. 0x100dc659: browser
  1644. 0x100dc745: status
  1645. 0x100dc8b2: cryptoWallets
  1646. 0x100dc992: cold
  1647. 0x100dca7e: status
  1648. 0x100dcbd4: bankWallets
  1649. 0x100dccb4: status
  1650. 0x100dce0a: cuBankWallets
  1651. 0x100dceea: status
  1652. 0x100dd040: shops
  1653. 0x100dd120: status
  1654. 0x100dd276: bankAUWallets
  1655. 0x100dd356: status
  1656. 0x100dd4ac: amazon_eu
  1657. 0x100dd58c: status
  1658. 0x100dd6e2: webhosts
  1659. 0x100dd7c2: status
  1660. 0x100dd918: paypal
  1661. 0x100dd9f8: status
  1662. 0x100ddb4e: bankCAWallets
  1663. 0x100ddc2e: status
  1664. 0x100dddb9: cryptoWallets_part1
  1665. 0x100ddee6: status
  1666. 0x100de071: cryptoWallets_part2
  1667. 0x100de19e: status
  1668. 0x100de344: bankWallets_part1
  1669. 0x100de474: status
  1670. 0x100de5ff: bankWallets_part2
  1671. 0x100de72c: status
  1672. 0x100de882: VBMT
  1673. 0x100de962: status
  1674. 0x100deab8: bankMXWallets
  1675. 0x100deb98: status
  1676. 0x100decee: cryptoGames
  1677. 0x100dedce: status
  1678. 0x100def24: bankPKWallets
  1679. 0x100df004: status
  1680. 0x100df15a: bankESWallets
  1681. 0x100df23a: status
  1682. 0x100df61f: SetLoaderAnalyze|
  1683. 0x100df83c: SetIncrement|not_elevated
  1684. 0x100fb1d4: .
  1685. 0x100fb2fc: .dll
  1686. 0x100fb422: #
  1687. 0x100fb8d7: WinHttpConnect
  1688. 0x100fb9ab: Winhttp.dll
  1689. 0x100fbb06: WinHttpQueryHeaders
  1690. 0x100fbc27: Winhttp.dll
  1691. 0x100fbd4d: WinHttpOpen
  1692. 0x100fbe21: Winhttp.dll
  1693. 0x100fbf8b: WinHttpOpenRequest
  1694. 0x100fc0ac: Winhttp.dll
  1695. 0x100fc222: WinHttpQueryDataAvailable
  1696. 0x100fc346: Winhttp.dll
  1697. 0x100fc4bc: WinHttpSendRequest
  1698. 0x100fc5e0: Winhttp.dll
  1699. 0x100fc73b: WinHttpReceiveResponse
  1700. 0x100fc85c: Winhttp.dll
  1701. 0x100fc982: WinHttpReadData
  1702. 0x100fca56: Winhttp.dll
  1703. 0x100fcbb1: WinHttpCloseHandle
  1704. 0x100fccd2: Winhttp.dll
  1705. 0x100fcfd2: http://
  1706. 0x100fd0b1: /
  1707. 0x100fd253: ?
  1708. 0x100fe1e7: HEAD
  1709. 0x100fe74e: wb
  1710. 0x100feca9: InternetOpenA
  1711. 0x100fedd4: InternetSetOptionA
  1712. 0x100fef5b: HttpOpenRequestA
  1713. 0x100ff0ee: InternetConnectA
  1714. 0x100ff284: InternetOpenUrlA
  1715. 0x100ff3ca: HttpQueryInfoA
  1716. 0x100ff510: InternetQueryOptionA
  1717. 0x100ff6a6: HttpSendRequestA
  1718. 0x100ff821: InternetReadFile
  1719. 0x100ff999: InternetCloseHandle
  1720.  
Advertisement
Comments
Add Comment
Please, Sign In to add comment
Advertisement